
MBAM Malicious Website Block



History - hope it's not too much info:

Problems first noted about six weeks ago with infection of SecurityTool. Followed bleepingcomputer instructions with MBAM and was finally able to stop seizure and purchased MBAM license. However, was finding rootkit infections continued. Obtained MBAM tech support to clean system, which continued until unable to delete c:\windows\system32\drivers\kuxzlr.sys. (Had used Avenger, ComboFix, OTM, Recovery Console.)

Proceeded on own as follows:

AVG system scan found/removed/healed 6 infections (Trojan Horse Rootkit-Agent.EG):

C:\Qoobox\Quarantine\C\Windows\system32\drivers\_kuxzlr_.sys.zip

C:\Qoobox\Quarantine\C\Windows\system32\drivers\_kuxzlr_.sys.zip:kuxzlr.sys

C:\Qoobox\Quarantine\C\Windows\system32\drivers\_kuxzlr_.sys.zip:kuxzlr.sys.1

C:\Qoobox\Quarantine\C\Windows\system32\drivers\_kuxzlr_.sys.zip:kuxzlr.sys.3

C:\Qoobox\Quarantine\C\Windows\system32\drivers\_kuxzlr_.sys.zip:kuxzlr.sys.4

C:\Qoobox\Quarantine\C\Windows\system32\drivers\_kuxzlr_.sys.zip:kuxzlr.sys.5

Downloaded Microsoft Security Essentials (MSE); scan found/removed:

Trojan:WinNT/Bubnix.gen!A c:\windows\system32\drivers\kuxzlr.sys

Next MSE scan found/removed:

Trojan:WinNT/Bubnix.gen!A

c:\System Volume Information\_restore{39FD2E65-E5B8-4B9B-A64F-01126D87DCF9}\RP29\A0003061.sys

Spybot scan found/removed:

Fraud:Sysguard

While running MSE Quick Scan, AVG Resident Shield notifies of virus:

Win32/Patched.DX Process Name: c:\windows\system32\svchost.exe

c:\System Volume Information\_restore{39FD2E65-E5B8-4B9B-A64F-01126D87DCF9}\RP31\A0005712.sys

Unable to heal - moved to vault

MSE scan found/disinfected:

Virus:Win32/Alureon.H

c:\System Volume Information\_restore{39FD2E65-E5B8-4B9B-A64F-01126D87DCF9}\RP31\A0005712.sys

Next MSE scan found/disinfected:

Virus:Win32/Alureon.H

c:\Qoobox\Quarantine\C\Windows\system32\drivers\redbook.sys.vir_

Subsequent AVG/MSE/MBAM/Spybot full scans have been clean; however, I'm constantly getting MBAM popups stating potentially malicious websites are being blocked. (Have seen other posts re the same but have not taken any actions.)

Logs prepared per your pre-post notes:

Ran Defogger to completion, did not reboot but prepared a log. Ran DDS; ran GMER, and it rebooted the PC after scanning for a couple of hours. Ensured 'active content for My Computer' was enabled in IE Internet Options/Security (was not able to find any script blocker in AVG/MSE/MBAM) and ran Defogger again; no auto reboot, so I rebooted manually; ran DDS, then GMER.

Thanks!

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4188

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/11/2010 2:21:17 AM

mbam-log-2010-06-11 (02-21-17).txt

Scan type: Quick scan

Objects scanned: 164675

Time elapsed: 21 minute(s), 4 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-03-17.01) - NTFSx86

Run by Doug at 15:51:12.62 on Thu 06/10/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.441 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\pctspk.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\RioMSC.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\Iomega\AutoDisk\ADService.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Garmin\gStart.exe

C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Documents and Settings\Doug\Desktop\dds.com

c:\program files\real\realplayer\RealPlay.exe

C:\WINDOWS\system32\msfeedssync.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.drudgereport.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uCustomizeSearch = hxxp://ie.search.msn.com

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [gStart] c:\garmin\gStart.exe

mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe

mRun: [iMONTRAY] c:\program files\intel\intel® active monitor\imontray.exe

mRun: [intelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"

mRun: [Camera Detector] c:\progra~1\acdsys~1\devdet~1\DEVDET~1.EXE -autorun

mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe

mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Malwarebytes Anti-Malware (rootkit-scan)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {44226DFF-747E-4edc-B30C-78752E50CD0C} - {44226DFF-747E-4edc-B30C-78752E50CD0C} - c:\program files\ati multimedia\tv\EXPLBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: finehomebuilding.com\www

Trusted Zone: plateauwildlife.com\mail

Trusted Zone: taunton.com\reg

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://www.activation.rr.com/install/download/tgctlcm.cab

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab

DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - hxxp://www.costcophotocenter.com/CostcoOutlookImport.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204

DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1101956813290

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192471026077

DPF: {6F750202-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab

DPF: {74FFE28D-2378-11D5-990C-006094235084} - hxxps://www-307.ibm.com/pc/support/access/aslibmain/content/IbmEgath.cab

DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} - hxxps://mail.plateauwildlife.com/Remote/msrdp.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.costcophotocenter.com/CostcoUpload.cab

DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} - hxxp://kaseya.riata-tech.com/inc/kaxRemote.dll

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\doug\applic~1\mozilla\firefox\profiles\d7lrcvcm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [2003-1-5 17792]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-27 335240]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-10-12 27784]

R1 enportv;enportv;c:\windows\system32\drivers\enportv.sys [2006-2-4 28416]

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]

R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-5 297752]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-1 304464]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-9-6 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-1 20952]

S1 MpKsl75be3789;MpKsl75be3789;\??\c:\windows\system32\mpenginestore\mpksl75be3789.sys --> c:\windows\system32\mpenginestore\MpKsl75be3789.sys [?]

S2 gupdate1c98ac2b8b1b730;Google Update Service (gupdate1c98ac2b8b1b730);c:\program files\google\update\GoogleUpdate.exe [2009-2-9 133104]

S3 ATIPCXXX;ATI Parental control device;c:\windows\system32\drivers\atipcxxx.sys [2002-12-19 10240]

S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);c:\windows\system32\drivers\atirtcap.sys [2002-12-19 49920]

S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);c:\windows\system32\drivers\ativxbar.sys [2002-12-19 26624]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 iscFlash;iscFlash;\??\c:\windows\system32\drivers\iscflash.sys --> c:\windows\system32\drivers\iscflash.sys [?]

S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]

============== File Associations ===============

.scr=DWGTrueViewScriptFile

=============== Created Last 30 ================

2010-06-10 17:06:55 0 ----a-w- c:\documents and settings\doug\defogger_reenable

2010-06-03 21:16:29 0 d-----w- c:\program files\Microsoft Security Essentials

2010-06-03 19:18:52 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys

2010-06-03 19:18:52 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2010-06-01 21:01:18 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-27 15:40:06 0 d-----w- C:\_OTM

2010-05-26 21:54:22 0 d-sha-r- C:\cmdcons

2010-05-26 21:48:39 98816 ----a-w- c:\windows\sed.exe

2010-05-26 21:48:39 77312 ----a-w- c:\windows\MBR.exe

2010-05-26 21:48:39 256512 ----a-w- c:\windows\PEV.exe

2010-05-26 21:48:39 161792 ----a-w- c:\windows\SWREG.exe

2010-05-25 12:14:51 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS

2010-05-25 03:38:48 0 d-----w- c:\windows\system32\MpEngineStore

2010-05-25 03:36:27 0 d-----w- C:\acaef223b3beb048f035f7ca4d

2010-05-20 18:46:57 0 d-----w- c:\program files\Garmin

==================== Find3M ====================

2010-04-29 21:08:55 711168 ----a-w- c:\windows\is-IV4HO.exe

2010-04-29 20:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-18 17:48:20 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-03-23 19:47:39 256 ----a-w- c:\documents and settings\doug\pool.bin

2006-02-04 13:13:00 51456 ----a-w- c:\windows\inf\gsiata.sys

2008-09-23 00:32:27 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat

============= FINISH: 15:54:15.26 ===============

ark.zip

Attach_2.zip

Replies: 52
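One point worth drawing out of the logs above: redbook.sys is a legitimate Windows CD audio filter driver, and the detections show Alureon.H had infected it in place. After ComboFix restored it, the DDS "Created Last 30" section lists the drivers\ copy and the dllcache\ copy with the same size (57600) and the same timestamp. Size and date are not evidence of integrity, because an in-place patch of a driver keeps both; a hash comparison is. The script below is an added example, not code from this thread, from Malwarebytes or from ComboFix: it hashes each named driver in a system32\drivers-style directory against its dllcache copy and reports match, mismatch, no cache copy, or missing. The driver names come from the logs above; the directory layout and file contents are constructed in a temporary directory so the script runs offline, and the "patched" bytes are invented, not real driver code.

```python
"""Compare drivers against their dllcache copies by hash.

Added example for the thread above; not ComboFix or Malwarebytes code.
The sample tree built by build_demo_tree() is constructed test data.
"""
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large drivers are not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_drivers(drivers_dir, dllcache_dir, names):
    """Return {driver name: status}.

    Statuses: "match" (hashes equal), "MISMATCH" (live copy differs from the
    dllcache copy, the Alureon-style in-place patch case), "no-cache-copy"
    (third-party driver with nothing to compare against), "missing" (not on disk).
    """
    drivers_dir, dllcache_dir = Path(drivers_dir), Path(dllcache_dir)
    results = {}
    for name in names:
        live = drivers_dir / name
        cache = dllcache_dir / name
        if not live.exists():
            results[name] = "missing"
        elif not cache.exists():
            results[name] = "no-cache-copy"
        elif sha256_of(live) == sha256_of(cache):
            results[name] = "match"
        else:
            results[name] = "MISMATCH"
    return results


def build_demo_tree():
    """Constructed sample tree (not real driver bytes):
    - AGP440.SYS: live and cache copies identical
    - redbook.sys: live copy has a few bytes overwritten, same size as the cache copy
    - mbam.sys: third-party driver, no dllcache copy
    """
    root = Path(tempfile.mkdtemp(prefix="drvcheck_"))
    drivers = root / "drivers"
    cache = root / "dllcache"
    drivers.mkdir()
    cache.mkdir()

    clean = b"MZ" + b"\x00" * 1022  # placeholder "driver" image, 1024 bytes
    (drivers / "AGP440.SYS").write_bytes(clean)
    (cache / "AGP440.SYS").write_bytes(clean)

    patched = bytearray(clean)
    patched[512:520] = b"\xcc" * 8  # invented in-place patch; size and length unchanged
    (drivers / "redbook.sys").write_bytes(bytes(patched))
    (cache / "redbook.sys").write_bytes(clean)

    (drivers / "mbam.sys").write_bytes(clean)  # no dllcache counterpart
    return drivers, cache


if __name__ == "__main__":
    drv, dc = build_demo_tree()
    names = ["AGP440.SYS", "redbook.sys", "mbam.sys", "kuxzlr.sys"]
    for name, status in check_drivers(drv, dc, names).items():
        print(f"{name:12} {status}")
```

Two caveats a responder would attach to this check. Run it from offline media (the Recovery Console the poster used, or a boot CD), because an active kernel-mode rootkit can hide the patched file or serve a clean view of it to anything reading through the running kernel. And the dllcache copy is only a convenience reference that can itself be infected or stale, so a mismatch or a missing cache copy should be settled against the file's catalog signature or a hash taken from an untouched install of the same service pack.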

Hello,

And welcome! My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

Please post me the log you will find at c:\combofix.txt


Thank you for your response and assistance, Elise. I am posting the log for the last ComboFix run.

ComboFix 10-06-02.04 - Doug 06/03/2010 14:24:14.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.636 [GMT -5:00]

Running from: c:\documents and settings\Doug\Desktop\pie.com

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

Infected copy of c:\windows\system32\DRIVERS\redbook.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((( Files Created from 2010-05-03 to 2010-06-03 )))))))))))))))))))))))))))))))

.

2010-06-03 19:18 . 2008-04-13 18:40 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys

2010-06-03 19:18 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2010-06-01 21:01 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-06-01 13:20 . 2010-06-01 13:30 -------- d-----w- c:\program files\Windows Live Safety Center

2010-05-27 15:40 . 2010-05-27 15:40 -------- d-----w- C:\_OTM

2010-05-25 17:59 . 2010-05-25 18:00 -------- d-----w- C:\rsit

2010-05-25 12:14 . 2010-05-25 12:14 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS

2010-05-25 03:38 . 2010-05-25 12:16 -------- d-----w- c:\windows\system32\MpEngineStore

2010-05-25 03:36 . 2010-05-25 12:16 -------- d-----w- C:\acaef223b3beb048f035f7ca4d

2010-05-20 18:47 . 2010-05-20 18:47 -------- d-----w- c:\program files\DIFX

2010-05-20 18:46 . 2010-05-20 18:46 -------- d-----w- c:\program files\Garmin

2010-05-10 19:40 . 2001-09-19 19:47 991232 ----a-w- c:\windows\system32\virtear.dll

2010-05-10 19:40 . 2001-08-18 03:36 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll

2010-05-10 19:40 . 2001-08-18 03:36 98304 ----a-w- c:\windows\system32\a3d.dll

2010-05-10 19:39 . 2001-09-21 21:32 450840 ----a-w- c:\windows\system32\drivers\smwdm.sys

2010-05-10 19:39 . 2001-09-21 21:32 2619 ----a-w- c:\windows\system32\drivers\sensupgd.sys

2010-05-10 19:39 . 2010-06-03 15:48 -------- d-----w- c:\program files\Analog Devices

2010-05-10 19:23 . 2010-05-10 19:23 -------- d-----w- c:\program files\SystemRequirementsLab

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-03 04:08 . 2008-03-02 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-06-02 20:01 . 2010-01-14 16:40 -------- d-----w- c:\documents and settings\Doug\Application Data\PrimoPDF

2010-05-25 17:59 . 2006-03-16 03:48 -------- d-----w- c:\program files\Trend Micro

2010-05-12 18:56 . 2005-06-10 23:29 -------- d-----w- c:\program files\Lavasoft

2010-05-10 19:40 . 2002-12-19 13:58 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-05 06:17 . 2010-04-29 15:14 -------- d-----w- c:\documents and settings\Doug\Application Data\3B4B9E60933DD2591D35596DBB73B27B

2010-05-03 01:17 . 2010-05-03 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion

2010-05-02 07:00 . 2010-05-02 07:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Malwarebytes

2010-05-01 16:27 . 2010-04-30 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-01 08:38 . 2008-05-27 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-05-01 00:42 . 2009-10-21 22:04 -------- d-----w- c:\program files\Uniblue

2010-05-01 00:03 . 2010-02-20 16:42 -------- d-----w- c:\documents and settings\Doug\Application Data\Uniblue

2010-04-30 22:47 . 2010-04-29 21:18 -------- d-----w- c:\program files\Spyware Doctor

2010-04-30 22:47 . 2010-04-29 21:18 -------- d-----w- c:\program files\Common Files\PC Tools

2010-04-30 22:45 . 2010-04-29 21:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-04-30 21:07 . 2004-10-31 14:29 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-04-30 19:01 . 2009-07-23 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-04-29 21:08 . 2010-04-29 21:08 711168 ----a-w- c:\windows\is-IV4HO.exe

2010-04-29 20:39 . 2010-05-01 16:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39 . 2010-05-01 16:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-18 17:49 . 2006-04-24 20:36 -------- d-----w- c:\program files\Common Files\Real

2010-04-18 17:49 . 2006-04-24 20:36 -------- d-----w- c:\program files\Real

2010-04-18 17:49 . 2010-04-18 17:49 -------- d-----w- c:\program files\Common Files\xing shared

2010-04-18 17:48 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-04-05 15:31 . 2006-03-15 18:53 -------- d-----w- c:\program files\Google

2010-03-23 19:47 . 2009-07-14 18:36 256 ----a-w- c:\documents and settings\Doug\pool.bin

2010-03-10 06:15 . 2002-02-27 00:58 420352 ----a-w- c:\windows\system32\vbscript.dll

2007-10-07 17:19 . 2007-10-07 17:19 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 68856]

"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-08-14 147456]

"IMONTRAY"="c:\program files\Intel\Intel® Active Monitor\imontray.exe" [2002-09-19 32768]

"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]

"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-07 1838592]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-22 2046816]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-18 202256]

"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-07-07 77824]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2005-10-11 798720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-18 00:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk

backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Doug^Start Menu^Programs^Startup^Riorad Manager.lnk]

path=c:\documents and settings\Doug\Start Menu\Programs\Startup\Riorad Manager.lnk

backup=c:\windows\pss\Riorad Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Doug^Start Menu^Programs^Startup^Riorad SB-Riot Manager.lnk]

path=c:\documents and settings\Doug\Start Menu\Programs\Startup\Riorad SB-Riot Manager.lnk

backup=c:\windows\pss\Riorad SB-Riot Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2010-03-29 19:54 2343120 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2010-03-11 03:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]

2008-08-13 20:34 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2004-07-07 16:53 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2009-07-08 18:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Program Files\\Red Chair Software\\Riorad Explorer\\riomgr.exe"=

"c:\\Program Files\\Red Chair Software\\Riorad Explorer\\riormgr.exe"=

R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [1/5/2003 2:25 PM 17792]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/27/2008 6:41 AM 335240]

R1 enportv;enportv;c:\windows\system32\drivers\enportv.sys [2/4/2006 8:12 AM 28416]

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 1:51 AM 380928]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/5/2009 1:08 PM 297752]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/1/2010 11:27 AM 304464]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/6/2007 5:09 PM 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/1/2010 11:27 AM 20952]

S1 MpKsl75be3789;MpKsl75be3789;\??\c:\windows\system32\MpEngineStore\MpKsl75be3789.sys --> c:\windows\system32\MpEngineStore\MpKsl75be3789.sys [?]

S2 gupdate1c98ac2b8b1b730;Google Update Service (gupdate1c98ac2b8b1b730);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2009 9:28 AM 133104]

S3 ATIPCXXX;ATI Parental control device;c:\windows\system32\drivers\atipcxxx.sys [12/19/2002 8:53 AM 10240]

S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);c:\windows\system32\drivers\atirtcap.sys [12/19/2002 8:53 AM 49920]

S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);c:\windows\system32\drivers\ativxbar.sys [12/19/2002 8:53 AM 26624]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]

S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2010-06-03 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-07 00:03]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 14:28]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 14:28]

2010-06-03 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1202660629-1343024091-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-05-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1202660629-1343024091-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-06-03 c:\windows\Tasks\User_Feed_Synchronization-{22B9F4EE-F161-4ED4-9132-F02211555B6A}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]

2010-06-03 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-10 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.drudgereport.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uCustomizeSearch = hxxp://ie.search.msn.com

Trusted Zone: finehomebuilding.com\www

Trusted Zone: plateauwildlife.com\mail

Trusted Zone: taunton.com\reg

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\d7lrcvcm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

.

------- File Associations -------

.

.scr=DWGTrueViewScriptFile

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-03 14:41

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1404)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\brss01a.exe

c:\progra~1\Iomega\System32\AppServices.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\windows\system32\pctspk.exe

c:\windows\System32\RioMSC.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Iomega\AutoDisk\ADService.exe

c:\program files\Intel\Intel® Active Monitor\imonnt.exe

c:\progra~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE

c:\program files\Microsoft IntelliPoint\dpupdchk.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2010-06-03 14:51:34 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-03 19:51

ComboFix2.txt 2010-05-27 03:22

ComboFix3.txt 2010-05-26 22:38

Pre-Run: 19,253,137,408 bytes free

Post-Run: 19,329,204,224 bytes free

- - End Of File - - DEB613B96C1685D7A328464960B7E142


That was a nasty rootkit infection you had there. We need to make sure it is gone indeed (this one can be quite persistent), but first please read the following information.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Now, let's run ComboFix again. Please make sure you delete any old copies.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


CF log as requested. (If it means anything, after Stage 2 completed, a popup message stated: 'PEV.cfxxe has encountered a problem and needs to close. We are sorry for the inconvenience.

If you were in the middle of something, the information you were working on might be lost.

For more information about this error, click here. Close.' I clicked Close and the program continued through the other stages.)

ComboFix 10-06-12.04 - Doug 06/13/2010 12:51:00.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.381 [GMT -5:00]

Running from: c:\documents and settings\Doug\Desktop\CF061310.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((( Files Created from 2010-05-13 to 2010-06-13 )))))))))))))))))))))))))))))))

.

2010-06-13 04:31 . 2010-06-13 04:31 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\PCHealth

2010-06-13 04:31 . 2010-06-13 04:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-06-11 21:40 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-04 04:03 . 2010-06-04 04:03 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2010-06-03 21:16 . 2010-06-03 21:17 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-06-03 19:18 . 2008-04-13 18:40 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys

2010-06-03 19:18 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2010-06-01 21:01 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-06-01 13:20 . 2010-06-01 13:30 -------- d-----w- c:\program files\Windows Live Safety Center

2010-05-27 15:40 . 2010-05-27 15:40 -------- d-----w- C:\_OTM

2010-05-25 17:59 . 2010-05-25 18:00 -------- d-----w- C:\rsit

2010-05-25 12:14 . 2010-05-25 12:14 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS

2010-05-25 03:38 . 2010-05-25 12:16 -------- d-----w- c:\windows\system32\MpEngineStore

2010-05-25 03:36 . 2010-05-25 12:16 -------- d-----w- C:\acaef223b3beb048f035f7ca4d

2010-05-20 18:47 . 2010-05-20 18:47 -------- d-----w- c:\program files\DIFX

2010-05-20 18:46 . 2010-05-20 18:46 -------- d-----w- c:\program files\Garmin

2010-05-20 01:08 . 2010-05-20 01:08 388096 ----a-r- c:\documents and settings\Doug\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-13 17:32 . 2008-03-02 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-06-07 16:40 . 2008-07-25 14:54 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-04 23:22 . 2010-01-14 16:40 -------- d-----w- c:\documents and settings\Doug\Application Data\PrimoPDF

2010-06-03 15:48 . 2010-05-10 19:39 -------- d-----w- c:\program files\Analog Devices

2010-05-25 17:59 . 2006-03-16 03:48 -------- d-----w- c:\program files\Trend Micro

2010-05-12 18:56 . 2005-06-10 23:29 -------- d-----w- c:\program files\Lavasoft

2010-05-10 19:40 . 2002-12-19 13:58 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-10 19:23 . 2010-05-10 19:23 -------- d-----w- c:\program files\SystemRequirementsLab

2010-05-06 10:41 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-05 06:17 . 2010-04-29 15:14 -------- d-----w- c:\documents and settings\Doug\Application Data\3B4B9E60933DD2591D35596DBB73B27B

2010-05-03 01:17 . 2010-05-03 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion

2010-05-02 07:00 . 2010-05-02 07:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Malwarebytes

2010-05-02 05:22 . 2001-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-01 16:27 . 2010-04-30 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-01 08:38 . 2008-05-27 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-05-01 00:42 . 2009-10-21 22:04 -------- d-----w- c:\program files\Uniblue

2010-05-01 00:03 . 2010-02-20 16:42 -------- d-----w- c:\documents and settings\Doug\Application Data\Uniblue

2010-04-30 22:47 . 2010-04-29 21:18 -------- d-----w- c:\program files\Spyware Doctor

2010-04-30 22:47 . 2010-04-29 21:18 -------- d-----w- c:\program files\Common Files\PC Tools

2010-04-30 22:45 . 2010-04-29 21:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-04-30 21:07 . 2004-10-31 14:29 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-04-30 19:01 . 2009-07-23 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-04-29 21:08 . 2010-04-29 21:08 711168 ----a-w- c:\windows\is-IV4HO.exe

2010-04-29 20:39 . 2010-05-01 16:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39 . 2010-05-01 16:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:30 . 2001-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-18 17:50 . 2010-04-18 17:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-04-18 17:50 . 2010-04-18 17:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-04-18 17:50 . 2010-04-18 17:50 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-04-18 17:50 . 2010-04-18 17:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-04-18 17:50 . 2010-04-18 17:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-04-18 17:50 . 2010-04-18 17:50 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-04-18 17:50 . 2010-04-18 17:50 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-04-18 17:50 . 2010-04-18 17:50 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-04-18 17:50 . 2010-04-18 17:50 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-04-18 17:49 . 2006-04-24 20:36 -------- d-----w- c:\program files\Common Files\Real

2010-04-18 17:49 . 2006-04-24 20:36 -------- d-----w- c:\program files\Real

2010-04-18 17:49 . 2010-04-18 17:49 -------- d-----w- c:\program files\Common Files\xing shared

2010-04-18 17:48 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-04-18 17:32 . 2010-04-18 17:32 734728 ----a-w- c:\documents and settings\Doug\Application Data\Real\RealPlayer\setup\AU_setup13.exe

2010-04-17 15:25 . 2010-04-17 15:25 439816 ----a-w- c:\documents and settings\Doug\Application Data\Real\Update\setup3.10\setup.exe

2010-04-13 21:55 . 2009-11-22 13:20 79488 ----a-w- c:\documents and settings\Doug\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-03-23 19:47 . 2009-07-14 18:36 256 ----a-w- c:\documents and settings\Doug\pool.bin

2007-10-07 17:19 . 2007-10-07 17:19 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 68856]

"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-08-14 147456]

"IMONTRAY"="c:\program files\Intel\Intel® Active Monitor\imontray.exe" [2002-09-19 32768]

"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]

"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-07 1838592]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-22 2046816]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-18 202256]

"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-07-07 77824]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2005-10-11 798720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-18 00:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk

backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Doug^Start Menu^Programs^Startup^Riorad Manager.lnk]

path=c:\documents and settings\Doug\Start Menu\Programs\Startup\Riorad Manager.lnk

backup=c:\windows\pss\Riorad Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Doug^Start Menu^Programs^Startup^Riorad SB-Riot Manager.lnk]

path=c:\documents and settings\Doug\Start Menu\Programs\Startup\Riorad SB-Riot Manager.lnk

backup=c:\windows\pss\Riorad SB-Riot Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2010-03-29 19:54 2343120 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2010-03-11 03:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]

2008-08-13 20:34 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2004-07-07 16:53 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2009-07-08 18:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Program Files\\Red Chair Software\\Riorad Explorer\\riomgr.exe"=

"c:\\Program Files\\Red Chair Software\\Riorad Explorer\\riormgr.exe"=

R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [1/5/2003 2:25 PM 17792]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/27/2008 6:41 AM 335240]

R1 enportv;enportv;c:\windows\system32\drivers\enportv.sys [2/4/2006 8:12 AM 28416]

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 1:51 AM 380928]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/5/2009 1:08 PM 297752]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/1/2010 11:27 AM 304464]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/6/2007 5:09 PM 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/1/2010 11:27 AM 20952]

S1 MpKsl75be3789;MpKsl75be3789;\??\c:\windows\system32\MpEngineStore\MpKsl75be3789.sys --> c:\windows\system32\MpEngineStore\MpKsl75be3789.sys [?]

S2 gupdate1c98ac2b8b1b730;Google Update Service (gupdate1c98ac2b8b1b730);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2009 9:28 AM 133104]

S3 ATIPCXXX;ATI Parental control device;c:\windows\system32\drivers\atipcxxx.sys [12/19/2002 8:53 AM 10240]

S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);c:\windows\system32\drivers\atirtcap.sys [12/19/2002 8:53 AM 49920]

S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);c:\windows\system32\drivers\ativxbar.sys [12/19/2002 8:53 AM 26624]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]

S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2010-06-13 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-07 00:03]

2010-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 14:28]

2010-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 14:28]

2010-06-12 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]

2010-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1202660629-1343024091-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-06-06 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1202660629-1343024091-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-06-13 c:\windows\Tasks\User_Feed_Synchronization-{22B9F4EE-F161-4ED4-9132-F02211555B6A}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]

2010-06-12 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-10 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.drudgereport.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uCustomizeSearch = hxxp://ie.search.msn.com

Trusted Zone: finehomebuilding.com\www

Trusted Zone: plateauwildlife.com\mail

Trusted Zone: taunton.com\reg

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\d7lrcvcm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

.

------- File Associations -------

.

.scr=DWGTrueViewScriptFile

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-13 13:07

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1624)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-06-13 13:15:29

ComboFix-quarantined-files.txt 2010-06-13 18:15

ComboFix2.txt 2010-06-03 19:51

ComboFix3.txt 2010-05-27 03:22

ComboFix4.txt 2010-05-26 22:38

Pre-Run: 18,779,832,320 bytes free

Post-Run: 18,829,811,712 bytes free

- - End Of File - - 938B12B75FEA08564847273CED4A9864


Hello again,

That is looking good. Please let me know what problems you are still having at this point (most of the detections mentioned in your first post are actually in System Restore or Combofix Quarantine and harmless).

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Please launch MBAM, update it and run a full scan. Post me the resulting log please.


Elise - thank you for your continuing assistance. Per instructions, uninstalled all Java components and installed 6u20 update. Just completed MBAM Full scan.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4197

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/14/2010 1:21:55 PM

mbam-log-2010-06-14 (13-21-55).txt

Scan type: Full scan (C:\|)

Objects scanned: 260234

Time elapsed: 2 hour(s), 59 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


That looks excellent :) Do you have any problems left?

Let's do one last antivirus scan to ensure no leftovers are hiding somewhere.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan.

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


Thanks, Elise.

Ran ESET scan, which finished about 18:30 or so, and have the report posted below. Following the scan, I rebooted the PC and watched for any MBAM IP address blocking popups, which are continuing. I've also posted the MBAM protection log from just before sending this reply. With the popups, I'm assuming I've still got some demons hiding somewhere in the system.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\DNSFlushcws1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinFakealertttam.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\Dealio Toolbar\SearchSettings.dll.vir Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\Dealio Toolbar\SearchSettings.exe.vir Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\Dealio Toolbar\SearchSettingsRes409.dll.vir Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\Dealio Toolbar\WidgiHelper.exe.vir Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\Program Files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll.vir Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\System Volume Information\_restore{39FD2E65-E5B8-4B9B-A64F-01126D87DCF9}\RP21\A0001670.dll Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\System Volume Information\_restore{39FD2E65-E5B8-4B9B-A64F-01126D87DCF9}\RP21\A0001671.dll Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\System Volume Information\_restore{39FD2E65-E5B8-4B9B-A64F-01126D87DCF9}\RP21\A0001672.exe Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\System Volume Information\_restore{39FD2E65-E5B8-4B9B-A64F-01126D87DCF9}\RP21\A0001673.dll Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

C:\System Volume Information\_restore{39FD2E65-E5B8-4B9B-A64F-01126D87DCF9}\RP21\A0001675.exe Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined

01:00:00 Doug ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007

02:00:00 Doug MESSAGE Scheduled scan executed successfully

06:05:23 Doug IP-BLOCK 98.126.11.142

07:14:36 Doug IP-BLOCK 221.192.199.35

09:58:31 Doug MESSAGE Protection started successfully

09:58:52 Doug MESSAGE IP Protection started successfully

10:20:54 Doug MESSAGE IP Protection stopped

10:21:26 Doug MESSAGE Database updated successfully

10:21:31 Doug MESSAGE IP Protection started successfully

10:56:03 Doug IP-BLOCK 121.11.86.68

11:09:44 Doug IP-BLOCK 121.11.86.68

11:20:49 Doug IP-BLOCK 59.34.197.105

11:24:25 Doug IP-BLOCK 218.8.245.123

11:26:04 Doug IP-BLOCK 218.8.245.123

13:44:48 Doug IP-BLOCK 221.192.199.35

15:21:53 Doug IP-BLOCK 60.191.185.178

15:21:58 Doug IP-BLOCK 60.191.185.178

15:42:58 Doug IP-BLOCK 60.191.187.10

15:43:04 Doug IP-BLOCK 60.191.187.10

16:40:52 Doug IP-BLOCK 59.34.197.105

18:34:38 Doug IP-BLOCK 121.11.86.68

20:15:36 Doug MESSAGE Protection started successfully

20:15:52 Doug MESSAGE IP Protection started successfully

21:01:19 Doug IP-BLOCK 221.192.199.35

21:17:12 Doug IP-BLOCK 91.212.127.100

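The MBAM protection log posted above has one event per line (time, logged-on user, event kind, detail). As an added example that is not part of this thread or of Malwarebytes' own tooling, the script below parses that format over a constructed sample (documentation-range addresses, not the ones in the post) and answers the question being chased here: which addresses are blocked repeatedly, and which are blocked again after protection restarted.

```python
"""Summarise a Malwarebytes (MBAM) protection log in the format posted above.

Added example for this thread, not Malwarebytes' own tooling.  Each line has
the shape  HH:MM:SS <user> <KIND> <detail>  where KIND is MESSAGE, ERROR or
IP-BLOCK.  The log is a per-day file, so HH:MM:SS strings compare correctly.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# time, user, event kind and free-text detail of one log line
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+"
    r"(?P<kind>MESSAGE|ERROR|IP-BLOCK)\s+(?P<detail>.*)$"
)
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed sample in the page's log format.  Addresses are from the
# 192.0.2.0/24 documentation range, not real indicators.
SAMPLE_LOG = """\
01:00:00 Doug ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
02:00:00 Doug MESSAGE Scheduled scan executed successfully
06:05:23 Doug IP-BLOCK 192.0.2.10
09:58:31 Doug MESSAGE Protection started successfully
09:58:52 Doug MESSAGE IP Protection started successfully
10:56:03 Doug IP-BLOCK 192.0.2.20
11:09:44 Doug IP-BLOCK 192.0.2.20
13:44:48 Doug IP-BLOCK 192.0.2.10
20:15:36 Doug MESSAGE Protection started successfully
21:01:19 Doug IP-BLOCK 192.0.2.10
this line is not in the expected format
"""


@dataclass
class Event:
    time: str
    user: str
    kind: str
    detail: str


@dataclass
class Summary:
    blocks: dict = field(default_factory=lambda: defaultdict(list))  # ip -> [times]
    errors: list = field(default_factory=list)      # ERROR details (e.g. update failures)
    restarts: list = field(default_factory=list)    # times "Protection started successfully"
    unparsed: list = field(default_factory=list)    # lines that did not match the format


def parse_line(line):
    """Return an Event for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    return Event(**m.groupdict()) if m else None


def summarise(text):
    s = Summary()
    for raw in text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev is None:
            s.unparsed.append(raw)
        elif ev.kind == "IP-BLOCK":
            ip = ev.detail.strip()
            # Keep only well-formed IPv4 addresses; anything else is noise.
            (s.blocks[ip] if IPV4_RE.match(ip) else s.unparsed).append(ev.time if IPV4_RE.match(ip) else raw)
        elif ev.kind == "ERROR":
            s.errors.append(ev.detail)
        elif ev.detail == "Protection started successfully":
            s.restarts.append(ev.time)
    return s


def repeat_offenders(summary, min_hits=2):
    """(ip, hit count) for addresses blocked at least min_hits times, most frequent first."""
    return sorted(
        ((ip, len(t)) for ip, t in summary.blocks.items() if len(t) >= min_hits),
        key=lambda p: (-p[1], p[0]),
    )


def blocked_after_restart(summary):
    """Addresses blocked again after the last 'Protection started' event.

    Blocks that recur after protection (and the machine) restarted are the
    pattern the thread is trying to explain; this lists them for the helper.
    """
    if not summary.restarts:
        return []
    last = summary.restarts[-1]
    return sorted(ip for ip, times in summary.blocks.items() if any(t > last for t in times))


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print("repeat offenders          :", repeat_offenders(s))
    print("blocked after last restart:", blocked_after_restart(s))
    print("update errors             :", s.errors)
    print("unparsed lines            :", len(s.unparsed))
```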

Please let me know how you are connecting to the internet. If you use a router, please reset it (it should have a button for that).

Also, click Start > Run, type cmd and press enter.

Type ipconfig /flushdns at the command prompt and press enter.

Let me know if these steps made any difference.


Unfortunately, still getting IP blocks; current log below:

01:00:00 Doug ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007

02:00:00 Doug MESSAGE Scheduled scan executed successfully

09:28:23 Doug IP-BLOCK 221.192.199.49

09:36:42 Doug IP-BLOCK 221.192.199.35

11:26:43 Doug IP-BLOCK 205.209.142.242

12:14:25 Doug IP-BLOCK 222.186.24.38

12:16:31 Doug IP-BLOCK 121.11.86.68

12:19:59 Doug IP-BLOCK 59.34.197.107

Thanks.


Hello again. In that case, let's have a look at another log.

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the otlDesktopIcon.png icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the runscanbutton.png button.
  • Two reports will open; copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


OTL logs as requested:

OTL logfile created on: 6/15/2010 2:16:11 PM - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Doug\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 31.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): C:\pagefile.sys 1534 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 17.47 Gb Free Space | 23.45% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: XPPRO

Current User Name: Doug

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/15 14:11:37 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug\Desktop\OTL.exe

PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/04/18 12:48:17 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/03/22 10:45:06 | 002,046,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2010/02/21 05:03:12 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe

PRC - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe

PRC - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

PRC - [2009/08/17 19:22:50 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009/08/17 19:21:19 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

PRC - [2008/08/13 15:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe

PRC - [2008/06/10 14:56:27 | 000,447,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/10/09 20:03:26 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/01/04 16:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2004/08/26 19:44:48 | 000,282,624 | ---- | M] (Digital Networks North America, Inc.) -- C:\WINDOWS\system32\RioMSC.exe

PRC - [2004/04/14 14:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

PRC - [2003/06/17 14:43:42 | 000,208,896 | ---- | M] (ACD Systems, Ltd.) -- C:\Program Files\ACD Systems\DevDetect\DevDetect.exe

PRC - [2002/09/19 18:33:00 | 000,032,768 | ---- | M] () -- C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

PRC - [2002/09/19 18:31:46 | 000,102,400 | ---- | M] (Intel Corp.) -- C:\Program Files\Intel\Intel® Active Monitor\imonNT.exe

PRC - [2002/08/14 14:08:06 | 000,151,552 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe

PRC - [2002/08/14 14:07:44 | 000,147,456 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADUserMon.exe

PRC - [2002/07/31 15:15:18 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe

PRC - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe

PRC - [2002/03/21 23:41:56 | 000,094,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

PRC - [2001/12/13 00:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe

PRC - [2001/08/18 03:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe

========== Modules (SafeList) ==========

MOD - [2010/06/15 14:11:37 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug\Desktop\OTL.exe

MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)

SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)

SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2009/12/09 18:02:38 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/08/17 19:21:19 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)

SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)

SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)

SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)

SRV - [2007/10/07 18:21:10 | 001,838,592 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager)

SRV - [2007/03/12 18:30:14 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2004/08/26 19:44:48 | 000,282,624 | ---- | M] (Digital Networks North America, Inc.) [Auto | Running] -- C:\WINDOWS\system32\RioMSC.exe -- (RioMSC)

SRV - [2002/09/19 18:31:46 | 000,102,400 | ---- | M] (Intel Corp.) [Auto | Running] -- C:\Program Files\Intel\Intel® Active Monitor\imonNT.exe -- (imonNT) Intel®

SRV - [2002/08/14 14:08:06 | 000,151,552 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_)

SRV - [2002/07/31 15:15:18 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)

SRV - [2002/04/12 00:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)

SRV - [2001/08/18 03:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)

========== Driver Services (SafeList) ==========

DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2009/12/18 10:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - [2009/12/02 15:23:40 | 000,149,040 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)

DRV - [2009/08/17 19:22:50 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/08/17 19:22:50 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/02/21 19:04:43 | 000,006,912 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV - [2006/04/07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)

DRV - [2006/02/04 08:12:59 | 000,028,416 | ---- | M] (Guidance Software Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\enportv.sys -- (enportv)

DRV - [2006/01/19 04:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2006/01/18 23:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)

DRV - [2005/07/28 09:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)

DRV - [2005/07/20 19:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)

DRV - [2005/07/20 19:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)

DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2004/10/15 21:41:48 | 000,016,128 | ---- | M] (Digital Networks North America, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RIOUNIV.SYS -- (RIOUNIV)

DRV - [2004/10/15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2004/08/04 00:29:31 | 000,036,463 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ati1tuxx.sys -- (ATITUNEP) ATI WDM TV Tuner (Microsoft)

DRV - [2004/08/04 00:29:31 | 000,034,735 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ati1xsxx.sys -- (ATIXSAudio) ATI WDM TV Audio Crossbar (Microsoft)

DRV - [2004/08/04 00:29:30 | 000,063,663 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati1rvxx.sys -- (atinrvxx) ATI WDM Rage Theater Video (Microsoft)

DRV - [2004/08/04 00:29:29 | 000,012,047 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ati1pdxx.sys -- (PCDCODEC) ATI WDM Specialized PCD Codec (Microsoft)

DRV - [2004/08/04 00:29:29 | 000,011,615 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ati1mdxx.sys -- (MVDCODEC) ATI WDM Specialized MVD Codec (Microsoft)

DRV - [2004/08/04 00:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004/08/04 00:29:26 | 000,327,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)

DRV - [2004/03/15 11:11:50 | 000,005,120 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\EGATHDRV.SYS -- (EGATHDRV)

DRV - [2002/09/19 18:29:26 | 000,007,424 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SIODRV.SYS -- (SIODRV)

DRV - [2002/09/19 18:29:02 | 000,016,480 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iSMBIOS.SYS -- (iSMBIOS)

DRV - [2002/07/31 15:15:18 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)

DRV - [2002/02/28 18:13:24 | 000,021,963 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smb.sys -- (smbusp) Intel®

DRV - [2002/01/08 14:16:06 | 000,006,656 | ---- | M] (Ravisent Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS -- (CINEMSUP)

DRV - [2001/08/17 18:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)

DRV - [2001/08/17 18:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)

DRV - [2001/08/17 18:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)

DRV - [2001/08/17 18:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)

DRV - [2001/08/17 17:49:48 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ativxbar.sys -- (ATIVXSXX) ATI Audio Crossbar (ATIVXBAR)

DRV - [2001/08/17 17:49:36 | 000,010,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atipcxxx.sys -- (ATIPCXXX)

DRV - [2001/08/17 17:49:12 | 000,049,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atirtcap.sys -- (ATIVRVXX) ATI Rage Theatre Video (ATIRTCAP)

DRV - [2001/08/17 17:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)

DRV - [2001/08/17 07:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.drudgereport.com/

IE - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.drudgereport.com/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/21 10:57:02 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/30 11:32:42 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/14 10:08:45 | 000,000,000 | ---D | M]

[2010/02/22 16:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Mozilla\Extensions

[2009/03/25 09:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Mozilla\Extensions\home2@tomtom.com

[2010/04/30 16:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\d7lrcvcm.default\extensions

[2010/02/22 19:10:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\d7lrcvcm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/06/14 10:08:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/06/14 10:08:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/01/10 00:34:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com

[2010/06/14 10:08:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2006/06/22 14:44:00 | 002,078,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

[2007/01/05 10:31:49 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/06/03 14:38:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.

O3 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)

O3 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe (Iomega Corporation)

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Camera Detector] C:\Program Files\ACD Systems\DevDetect\DevDetect.exe (ACD Systems, Ltd.)

O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe ()

O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [intelliType] C:\Program Files\Microsoft Hardware\Keyboard\type32.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)

O4 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)

O4 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0

O7 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (ATI Technologies Inc.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\..Trusted Domains: finehomebuilding.com ([www] https in Trusted sites)

O15 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\..Trusted Domains: plateauwildlife.com ([mail] https in Trusted sites)

O15 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\..Trusted Domains: taunton.com ([reg] https in Trusted sites)

O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://www.activation.rr.com/install/download/tgctlcm.cab (Support.com Configuration Class)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www.costcophotocenter.com/CostcoOutlookImport.cab (Snapfish Outlook Import ActiveX Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1...20/pmupd806.exe (MSN Money Charting)

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1101956813290 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1192471026077 (MUWebControl Class)

O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)

O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} https://www-307.ibm.com/pc/support/access/a...nt/IbmEgath.cab (Reg Error: Value error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://mail.plateauwildlife.com/Remote/msrdp.cab (Microsoft RDP Client Control (redist))

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} http://www.costcophotocenter.com/CostcoUpload.cab (Snapfish File Upload ActiveX Control)

O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://kaseya.riata-tech.com/inc/kaxRemote.dll (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s...el_4.1.66.0.cab (SysInfo Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - Reg Error: Key error. File not found

O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\WINDOWS\Downloaded Program Files\mimectl.dll ()

O18 - Protocol\Filter\video/x-flv {08C72DD4-19AD-49f1-83DA-8542B4D302C5} - Reg Error: Key error. File not found

O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\Documents and Settings\Doug\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Doug\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2002/11/14 09:20:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/15 14:11:50 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doug\Desktop\OTL.exe

[2010/06/14 15:15:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/06/14 10:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/06/14 10:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/06/14 10:08:45 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/06/14 10:08:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/06/14 10:08:45 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/06/14 10:08:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/06/14 10:08:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/06/14 10:03:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/06/12 23:31:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug\Local Settings\Application Data\PCHealth

[2010/06/12 23:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth

[2010/06/11 16:40:15 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2010/06/03 16:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/06/03 14:56:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug\My Documents\Malware Logs

[2010/06/03 14:18:52 | 000,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\redbook.sys

[2010/06/02 14:03:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug\My Documents\Book Reviews

[2010/06/01 16:01:18 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2010/06/01 08:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center

[2010/05/27 10:40:06 | 000,000,000 | ---D | C] -- C:\_OTM

[2010/05/26 18:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doug\My Documents\Belkin Router

[2010/05/26 16:54:22 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/05/26 16:48:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/05/26 16:48:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/05/26 16:48:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/05/26 16:48:39 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/05/26 16:48:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/05/26 16:47:14 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/05/25 12:59:00 | 000,000,000 | ---D | C] -- C:\rsit

[2010/05/24 22:38:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore

[2010/05/24 22:36:27 | 000,000,000 | ---D | C] -- C:\acaef223b3beb048f035f7ca4d

[2010/05/20 13:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2010/05/20 13:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/15 14:36:10 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{22B9F4EE-F161-4ED4-9132-F02211555B6A}.job

[2010/06/15 14:35:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2010/06/15 14:11:37 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doug\Desktop\OTL.exe

[2010/06/15 14:02:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/15 11:02:05 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/15 10:00:17 | 000,167,424 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\06-15-10 Procedures.doc

[2010/06/14 20:18:00 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/06/14 20:15:17 | 000,012,612 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/06/14 20:13:58 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2010/06/14 20:13:32 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1202660629-1343024091-1004.job

[2010/06/14 20:12:32 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile

[2010/06/14 20:12:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/06/14 20:12:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/06/14 20:12:09 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys

[2010/06/14 20:10:48 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Doug\ntuser.dat

[2010/06/14 20:10:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Doug\ntuser.ini

[2010/06/14 20:10:27 | 008,051,304 | -H-- | M] () -- C:\Documents and Settings\Doug\Local Settings\Application Data\IconCache.db

[2010/06/14 10:08:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010/06/14 10:08:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010/06/14 10:08:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010/06/14 10:08:17 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010/06/14 10:08:17 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010/06/14 09:15:16 | 061,048,263 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/06/13 13:24:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1202660629-1343024091-1004.job

[2010/06/13 13:07:10 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/06/13 12:29:17 | 003,707,414 | R--- | M] () -- C:\Documents and Settings\Doug\Desktop\CF061310.exe

[2010/06/11 23:25:13 | 000,450,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/06/11 23:07:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/06/10 23:16:35 | 000,555,060 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/10 23:16:35 | 000,479,808 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/10 23:16:35 | 000,085,578 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/10 12:31:06 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\dds.com

[2010/06/10 12:23:44 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\dds_null1.scr

[2010/06/10 12:06:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Doug\defogger_reenable

[2010/06/10 12:03:44 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\Defogger.exe

[2010/06/06 05:54:57 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\Book List.xls

[2010/06/03 16:16:34 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/06/03 14:38:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/06/02 17:43:48 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\Shortcut to HousecallLauncher.lnk

[2010/06/02 08:38:13 | 000,044,544 | ---- | M] () -- C:\Documents and Settings\Doug\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/05/26 16:54:29 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/05/26 14:47:28 | 000,013,214 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\hijackthis1_052610

[2010/05/26 14:24:57 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\HijackThis.lnk

[2010/05/21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe

[2010/05/20 17:29:13 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\How To Make Your Own Luck.doc

[2010/05/20 12:56:09 | 000,014,305 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\greenkit2.jpg

[2010/05/19 21:05:19 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Doug\Desktop\Microsoft Streets & Trips.lnk

[2010/05/19 12:14:23 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/15 10:00:17 | 000,167,424 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\06-15-10 Procedures.doc

[2010/06/13 12:29:20 | 003,707,414 | R--- | C] () -- C:\Documents and Settings\Doug\Desktop\CF061310.exe

[2010/06/10 12:31:19 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\dds.com

[2010/06/10 12:23:58 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\dds_null1.scr

[2010/06/10 12:06:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Doug\defogger_reenable

[2010/06/10 12:03:43 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\Defogger.exe

[2010/06/03 16:22:15 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job

[2010/06/03 16:16:33 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/06/02 17:43:48 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\Shortcut to HousecallLauncher.lnk

[2010/05/26 16:54:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/05/26 16:54:26 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/05/26 16:48:39 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/05/26 16:48:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/05/26 16:48:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/05/26 16:48:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/05/26 16:48:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/05/26 14:47:28 | 000,013,214 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\hijackthis1_052610

[2010/05/26 14:24:57 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\HijackThis.lnk

[2010/05/20 12:56:43 | 000,014,305 | ---- | C] () -- C:\Documents and Settings\Doug\Desktop\greenkit2.jpg

[2010/05/19 12:14:23 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

[2010/04/30 17:33:39 | 000,000,202 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2010/04/29 16:19:59 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0402.old

[2010/01/14 10:55:42 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

[2009/02/21 19:04:46 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll

[2009/01/23 16:37:10 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL

[2008/04/08 09:45:42 | 000,000,050 | ---- | C] () -- C:\WINDOWS\BRQIKMON.INI

[2008/03/29 17:34:30 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2007/10/22 15:06:29 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll

[2007/10/22 15:06:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll

[2006/03/29 11:48:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI

[2006/02/10 13:54:59 | 000,000,032 | ---- | C] () -- C:\WINDOWS\BrmfXCh1.ini

[2006/02/10 10:27:57 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini

[2006/02/04 08:13:01 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\gsimrxnp.dll

[2005/10/11 23:26:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini

[2005/10/11 23:08:49 | 000,000,054 | ---- | C] () -- C:\WINDOWS\brmx2001.ini

[2005/10/11 22:58:39 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini

[2005/10/11 22:56:29 | 000,000,885 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2005/10/11 22:56:29 | 000,000,471 | ---- | C] () -- C:\WINDOWS\brwmark.ini

[2005/10/11 22:56:29 | 000,000,147 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2005/10/11 22:56:29 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2005/10/11 22:53:01 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2005/08/02 09:08:33 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini

[2005/05/30 13:14:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI

[2003/06/04 09:14:00 | 000,000,199 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003/06/04 09:13:54 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll

[2003/04/19 14:22:18 | 000,000,468 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2002/12/29 14:04:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI

[2002/12/19 18:08:03 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll

[2002/12/19 09:44:53 | 000,000,487 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2002/12/19 08:59:28 | 000,013,373 | ---- | C] () -- C:\WINDOWS\System32\vctest.ini

[2002/12/19 08:59:28 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini

[2002/12/19 08:59:23 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll

[2002/12/19 08:59:23 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[2002/12/19 08:59:11 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL

[2002/12/19 08:53:52 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\atitunep.sys

[2002/12/19 08:53:49 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtcap.sys

[2002/12/19 08:53:48 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativxbar.sys

[2002/12/19 08:53:46 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmdcd.sys

[2002/12/19 08:53:43 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\atipcxxx.sys

[2002/04/11 13:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll

[2002/03/21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

[2002/03/21 12:51:52 | 000,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll

[2002/03/21 12:51:52 | 000,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll

[2002/03/21 12:51:52 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll

[2002/03/21 12:51:52 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll

[2002/03/21 12:51:52 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll

[2002/03/21 12:51:52 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll

[2002/03/21 12:51:52 | 000,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll

[2002/03/20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys

[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll

[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll

[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll

[2002/03/20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll

[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll

[2001/12/26 21:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll

[2001/09/04 04:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll

[2001/07/30 21:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll

[2001/07/24 03:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini

[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

--------------

OTL Extras logfile created on: 6/15/2010 2:16:11 PM - Run 1

OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Doug\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 315.00 Mb Available Physical Memory | 31.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 71.00% Paging File free

Paging file location(s): C:\pagefile.sys 1534 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.52 Gb Total Space | 17.47 Gb Free Space | 23.45% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: XPPRO

Current User Name: Doug

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [ACDBrowse] -- "C:\Program Files\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems, Ltd.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Rio\Rio Music Manager\riomm.exe" = C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager -- (Digital Networks North America, Inc.)

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office\WINWORD.EXE" = C:\Program Files\Microsoft Office\Office\WINWORD.EXE:*:Enabled:Microsoft Word for Windows -- (Microsoft Corporation)

"C:\Program Files\Red Chair Software\Riorad Explorer\riomgr.exe" = C:\Program Files\Red Chair Software\Riorad Explorer\riomgr.exe:*:Enabled:Riorad Xtreamer -- (Red Chair Software, Inc.)

"C:\Program Files\Red Chair Software\Riorad Explorer\riormgr.exe" = C:\Program Files\Red Chair Software\Riorad Explorer\riormgr.exe:*:Enabled:Riorad Xtreamer -- (Red Chair Software, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional

"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{029681AB-09AA-4EB5-9A1E-2B379CAF81A6}" = User Agent String Utility

"{06230E02-2B7E-11D2-92D0-0040051BD005}" = OLYMPUS CAMEDIA Master 2.5

"{17A7FDBC-FB38-4258-B623-BCBA212BC25D}" = Costco Photo Organizer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}" = Wal-Mart Music Downloads Store

"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20

"{282EF7E3-AE54-48AE-A11D-27F512F23AB3}" = Rio Music Manager

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{2E861EC9-FCB8-11D3-939A-00A0C9BA5A55}" = Intel® Active Monitor

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin

"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery

"{433C19E3-1A26-11D6-8D5D-00105A22D3D2}" = ATI Multimedia Center 7.6.0.0

"{434C733C-27FA-423E-8CDC-F72B55631BA5}" = Rio Taxi

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager

"{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}" = Rio Internet Update

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010

"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7

"{5E51C4B6-D36C-4022-BE89-EAB3FEB5DA55}" = Datacard e-Guide - Magna

"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers

"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3

"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005

"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)

"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{94824ADD-8F26-43D2-84DB-22E11F377E5E}" = Microsoft English TTS Engine

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96172E04-BB14-45F6-A77B-8EE7A421B903}" = SAPI Wrapper

"{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}" = TTS Wrapper

"{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}" = GUIDE PLUS+ for Windows


Hello again, please let me know how things are after the following fix.

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen OTL on your desktop.
  2. Copy and paste the following code into the custom fix textbox. Do not include the word "Code"
    :otl
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-725345543-1202660629-1343024091-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    :commands
    [emptytemp]


  3. Push the Run Fix button.
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click OK.
  6. A report will open. Copy and Paste that report in your next reply.


Elise - OTL scan results below; IP blocks still occurring post OTL, log posted. Thanks.

All processes killed

========== OTL ==========

Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.

Registry key HKEY_USERS\S-1-5-21-725345543-1202660629-1343024091-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33726 bytes

->Flash cache emptied: 41 bytes

User: Doug

->Temp folder emptied: 5045171 bytes

->Temporary Internet Files folder emptied: 17556246 bytes

->Java cache emptied: 76542243 bytes

->FireFox cache emptied: 56850340 bytes

->Flash cache emptied: 201989 bytes

User: Guest

->Temp folder emptied: 2739808 bytes

->Temporary Internet Files folder emptied: 2667790 bytes

->Java cache emptied: 57015 bytes

->Flash cache emptied: 4275 bytes

User: LocalService

->Temp folder emptied: 65536 bytes

->Temporary Internet Files folder emptied: 128210 bytes

->Flash cache emptied: 348 bytes

User: NetworkService

->Temp folder emptied: 47038 bytes

->Temporary Internet Files folder emptied: 33232 bytes

->Flash cache emptied: 10107 bytes

User: Randy

User: TEMP

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 958 bytes

->Java cache emptied: 1896960 bytes

->Flash cache emptied: 0 bytes

User: User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 78991 bytes

->Flash cache emptied: 10971 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 38802 bytes

%systemroot%\System32 .tmp files removed: 720896 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 285184 bytes

Windows Temp folder emptied: 718985 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34282 bytes

RecycleBin emptied: 40369109 bytes

Total Files Cleaned = 197.00 mb

OTL by OldTimer - Version 3.2.6.0 log created on 06152010_180630

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_1ec.dat not found!

Registry entries deleted on Reboot...

=======================

01:00:00 Doug ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007

02:00:00 Doug MESSAGE Scheduled scan executed successfully

09:28:23 Doug IP-BLOCK 221.192.199.49

09:36:42 Doug IP-BLOCK 221.192.199.35

11:26:43 Doug IP-BLOCK 205.209.142.242

12:14:25 Doug IP-BLOCK 222.186.24.38

12:16:31 Doug IP-BLOCK 121.11.86.68

12:19:59 Doug IP-BLOCK 59.34.197.107

13:03:39 Doug IP-BLOCK 218.8.245.123

15:10:25 Doug IP-BLOCK 121.8.249.123

15:59:54 Doug IP-BLOCK 221.192.199.49

16:05:50 Doug IP-BLOCK 222.186.25.17

18:13:48 Doug MESSAGE Protection started successfully

18:14:02 Doug MESSAGE IP Protection started successfully

18:15:58 Doug IP-BLOCK 218.8.245.123

18:50:32 (null) MESSAGE Protection started successfully

18:51:44 Doug MESSAGE IP Protection started successfully

20:46:21 Doug IP-BLOCK 221.192.199.49

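The IP-BLOCK lines in the log above are the one symptom left after the OTL fix, so here is an added example (not code from the thread, from Malwarebytes or from OTL) of a small Python parser for that protection-log layout, which groups IP-BLOCK events per remote address and checks whether blocks resume shortly after a "Protection started" message. The sample lines are constructed in the same "HH:MM:SS user TYPE payload" format, using RFC 5737 documentation addresses rather than the addresses posted in the thread.

```python
"""Summarise Malwarebytes (MBAM) protection-log lines of the form
'HH:MM:SS <user> <TYPE> <payload>' and report repeated IP-BLOCK events.

Added example, not part of the original forum thread or any vendor tool.
"""
from collections import Counter, defaultdict
import re

# Constructed sample lines modelled on the log format shown in the thread.
# Addresses are RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
01:00:00 Doug ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
02:00:00 Doug MESSAGE Scheduled scan executed successfully
09:28:23 Doug IP-BLOCK 192.0.2.49
09:36:42 Doug IP-BLOCK 192.0.2.35
11:26:43 Doug IP-BLOCK 198.51.100.242
15:59:54 Doug IP-BLOCK 192.0.2.49
18:13:48 Doug MESSAGE Protection started successfully
18:15:58 Doug IP-BLOCK 198.51.100.242
18:50:32 (null) MESSAGE Protection started successfully
20:46:21 Doug IP-BLOCK 192.0.2.49
"""

# time, user, event type, free-text payload
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}) (\S+) (\S+) (.*)$")


def parse_lines(text):
    """Return (time, user, event_type, payload) tuples; blank or malformed lines are skipped."""
    events = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        m = LINE_RE.match(raw)
        if m:
            events.append(m.groups())
    return events


def block_summary(text):
    """Map each blocked address to the list of times it was blocked, in log order."""
    blocks = defaultdict(list)
    for t, _user, kind, payload in parse_lines(text):
        if kind == "IP-BLOCK":
            blocks[payload.strip()].append(t)
    return dict(blocks)


def repeat_offenders(text, min_hits=2):
    """Addresses blocked at least min_hits times, most frequent first."""
    counts = Counter({ip: len(ts) for ip, ts in block_summary(text).items()})
    return [(ip, n) for ip, n in counts.most_common() if n >= min_hits]


def event_type_counts(text):
    """How many lines of each event type (MESSAGE, ERROR, IP-BLOCK, ...) the log holds."""
    return Counter(kind for _t, _u, kind, _p in parse_lines(text))


def _secs(hms):
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s


def blocks_after_start(text, window_s=600):
    """For each 'Protection started' message, list IP-BLOCKs within window_s seconds.

    Blocks that reappear right after protection starts, before any browsing,
    point at a background process rather than at web pages the user visited.
    """
    events = parse_lines(text)
    starts = [t for t, _u, k, p in events
              if k == "MESSAGE" and p.startswith("Protection started")]
    result = []
    for st in starts:
        hits = [(t, p.strip()) for t, _u, k, p in events
                if k == "IP-BLOCK" and 0 <= _secs(t) - _secs(st) <= window_s]
        result.append((st, hits))
    return result


if __name__ == "__main__":
    for ip, n in repeat_offenders(SAMPLE_LOG):
        print(f"{ip} blocked {n} times at {', '.join(block_summary(SAMPLE_LOG)[ip])}")
    for start, hits in blocks_after_start(SAMPLE_LOG):
        print(f"protection started {start}: {len(hits)} block(s) within 10 min")
```

Run on a real protection log, the per-address grouping shows whether the same few addresses come back all day, and the start-window check shows whether blocks follow the "Protection started" line almost immediately, as the 18:13:48 / 18:15:58 pair in the posted log does; both are the patterns a helper looks for when deciding whether something still runs on the machine or whether an installed application is simply being blocked.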

Hello again, except for those IP blocks, what other problems do you still have?

  • Please download TDSSKiller.zip and save it to your desktop.
  • Extract the zip file to your desktop (important, before continuing, make sure the file is located on your desktop, otherwise the following steps will not work!). Do NOT run the file yet!
  • Click Start > Run and copy paste the following bolded text in the run box
    "%userprofile%\desktop\tdsskiller.exe" -l report.txt
  • When it has finished, press any key to continue.
  • If needed, reboot the computer.

A logfile (report.txt) will be created on your desktop. Please post its contents in your next reply.


Only other noticeable problems are occasional hangups/delays in launching IE or MS Outlook. I have about 1,000 messages in the Inbox, so that could be an issue; or I don't know if the various scanning software may cause some delay. It does seem to occur most often the first time apps are opened following a reboot.

TDSSKiller run - results:

10:17:43:727 0256 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48

10:17:43:727 0256 ================================================================================

10:17:43:727 0256 SystemInfo:

10:17:43:727 0256 OS Version: 5.1.2600 ServicePack: 3.0

10:17:43:727 0256 Product type: Workstation

10:17:43:727 0256 ComputerName: XPPRO

10:17:43:727 0256 UserName: Doug

10:17:43:727 0256 Windows directory: C:\WINDOWS

10:17:43:727 0256 Processor architecture: Intel x86

10:17:43:727 0256 Number of processors: 1

10:17:43:727 0256 Page size: 0x1000

10:17:43:747 0256 Boot type: Normal boot

10:17:43:747 0256 ================================================================================

10:17:44:818 0256 Initialize success

10:17:44:818 0256

10:17:44:818 0256 Scanning Services ...

10:17:45:179 0256 Raw services enum returned 393 services

10:17:45:199 0256

10:17:45:199 0256 Scanning Drivers ...

10:17:45:870 0256 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

10:17:45:930 0256 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

10:17:45:980 0256 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

10:17:46:060 0256 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

10:17:46:130 0256 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

10:17:46:190 0256 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\AGP440.SYS

10:17:46:391 0256 akshasp (d5987b854a62867d399a3d3d744547e5) C:\WINDOWS\system32\DRIVERS\akshasp.sys

10:17:46:481 0256 aksusb (25c07de96a774622001935e36693c9c2) C:\WINDOWS\system32\DRIVERS\aksusb.sys

10:17:46:691 0256 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

10:17:46:751 0256 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

10:17:46:871 0256 ati2mpaa (9027ae586ef5f0e6a40175e92917b44c) C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys

10:17:46:971 0256 ati2mtaa (2d030c2f6b036ca0bc243e1b16d924d1) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys

10:17:47:112 0256 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

10:17:47:252 0256 atinrvxx (bcaf267b10620f8c93f6e87ab726e145) C:\WINDOWS\system32\DRIVERS\ati1rvxx.sys

10:17:47:362 0256 ATIPCXXX (7b22151163fee1203a8b021aed935b59) C:\WINDOWS\system32\DRIVERS\atipcxxx.sys

10:17:47:432 0256 ATITUNEP (6f714b4720dd80ffa9f8d2731594ea4c) C:\WINDOWS\system32\DRIVERS\ati1tuxx.sys

10:17:47:502 0256 ATIVRVXX (6c9d305c3a68a02a89c0cbbdbed3e893) C:\WINDOWS\system32\DRIVERS\atirtcap.sys

10:17:47:572 0256 ATIVXSXX (c9599d2569e85c74a19ec1b9e72469f1) C:\WINDOWS\system32\DRIVERS\ativxbar.sys

10:17:47:662 0256 ATIXSAudio (0d8cab1f08f7d3c4de228b49e12e596a) C:\WINDOWS\system32\DRIVERS\ati1xsxx.sys

10:17:47:743 0256 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

10:17:47:813 0256 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

10:17:47:893 0256 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys

10:17:47:983 0256 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys

10:17:48:043 0256 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

10:17:48:123 0256 BrScnUsb (92a964547b96d697e5e9ed43b4297f5a) C:\WINDOWS\system32\Drivers\BrScnUsb.sys

10:17:48:183 0256 BrSerIf (d48c13f4a409aee8dafaddac81e34557) C:\WINDOWS\system32\Drivers\BrSerIf.sys

10:17:48:263 0256 BrUsbSer (8fa0ac830a8312912a3aa0c0431cba0d) C:\WINDOWS\system32\Drivers\BrUsbSer.sys

10:17:48:494 0256 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

10:17:48:564 0256 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

10:17:48:684 0256 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

10:17:48:734 0256 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

10:17:48:814 0256 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

10:17:48:924 0256 CINEMSUP (3e70b97f43413c504c895d7593597dd2) C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS

10:17:49:064 0256 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys

10:17:49:145 0256 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys

10:17:49:305 0256 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

10:17:49:405 0256 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

10:17:49:515 0256 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

10:17:49:665 0256 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

10:17:49:846 0256 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

10:17:49:936 0256 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

10:17:49:996 0256 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys

10:17:50:056 0256 EGATHDRV (7f220875288944c9c7856e2bc8613b1f) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS

10:17:50:116 0256 enportv (72618f319cd573ddb72177bc29bb529b) C:\WINDOWS\system32\drivers\enportv.sys

10:17:50:206 0256 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

10:17:50:366 0256 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys

10:17:50:446 0256 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

10:17:50:537 0256 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys

10:17:50:667 0256 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys

10:17:50:807 0256 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

10:17:50:887 0256 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

10:17:50:987 0256 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

10:17:51:057 0256 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\WINDOWS\system32\drivers\grmnusb.sys

10:17:51:197 0256 Hardlock (c1cc0c9742b881c42f1cc628e6f9ebd1) C:\WINDOWS\system32\drivers\hardlock.sys

10:17:51:488 0256 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys

10:17:51:658 0256 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

10:17:51:808 0256 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

10:17:51:888 0256 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

10:17:52:009 0256 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys

10:17:52:079 0256 iomdisk (44e43a5162be546f71126d9adebea005) C:\WINDOWS\system32\DRIVERS\iomdisk.sys

10:17:52:169 0256 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys

10:17:52:249 0256 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

10:17:52:379 0256 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

10:17:52:479 0256 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

10:17:52:610 0256 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

10:17:52:710 0256 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

10:17:52:810 0256 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

10:17:52:920 0256 iSMBIOS (45df07e6e4770fa61f54962829194fe1) C:\WINDOWS\System32\drivers\iSMBIOS.SYS

10:17:53:000 0256 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

10:17:53:100 0256 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

10:17:53:190 0256 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\WINDOWS\system32\drivers\klmd.sys

10:17:53:280 0256 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

10:17:53:401 0256 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

10:17:53:531 0256 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys

10:17:53:631 0256 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

10:17:53:731 0256 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

10:17:53:831 0256 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

10:17:53:921 0256 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

10:17:54:012 0256 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

10:17:54:112 0256 MpFilter (dfa1cd670ea50a21c87c92c727c50950) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

10:17:54:382 0256 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

10:17:54:502 0256 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

10:17:54:622 0256 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

10:17:54:713 0256 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

10:17:54:823 0256 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

10:17:54:933 0256 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

10:17:55:033 0256 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

10:17:55:123 0256 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

10:17:55:213 0256 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

10:17:55:373 0256 MVDCODEC (60b6aa2dc1521da343f781b70eb7895a) C:\WINDOWS\system32\DRIVERS\ati1mdxx.sys

10:17:55:454 0256 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

10:17:55:574 0256 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

10:17:55:654 0256 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

10:17:55:764 0256 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

10:17:55:894 0256 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

10:17:55:974 0256 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

10:17:56:075 0256 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

10:17:56:175 0256 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

10:17:56:325 0256 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

10:17:56:435 0256 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

10:17:56:565 0256 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

10:17:56:715 0256 NTIDrvr (15a72d5b8f0b6a718207f14bd5ebb8ff) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys

10:17:56:786 0256 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

10:17:56:866 0256 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

10:17:56:956 0256 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

10:17:57:066 0256 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

10:17:57:166 0256 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

10:17:57:256 0256 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

10:17:57:396 0256 PCDCODEC (6fdc61e8e8e17f6ecc2d9a10fa8df347) C:\WINDOWS\system32\DRIVERS\ati1pdxx.sys

10:17:57:487 0256 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

10:17:57:637 0256 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

10:17:57:877 0256 Point32 (cf7c1868b90c90a265fc3f60ce46265b) C:\WINDOWS\system32\DRIVERS\point32.sys

10:17:57:947 0256 ppa (411923a60e1fc2b136c77e6d50fc69bd) C:\WINDOWS\system32\DRIVERS\ppa.sys

10:17:58:017 0256 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

10:17:58:107 0256 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

10:17:58:208 0256 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

10:17:58:338 0256 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

10:17:58:428 0256 Ptserlp (ace8fe0e920cb8fba057c024ead33f84) C:\WINDOWS\system32\DRIVERS\ptserlp.sys

10:17:58:528 0256 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys

10:17:58:728 0256 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

10:17:58:818 0256 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

10:17:58:909 0256 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

10:17:58:989 0256 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

10:17:59:069 0256 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

10:17:59:169 0256 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

10:17:59:269 0256 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

10:17:59:389 0256 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

10:17:59:509 0256 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

10:17:59:680 0256 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys

10:17:59:800 0256 RIOUNIV (f772c4ba29f4117d15c66f63d010d9f0) C:\WINDOWS\system32\Drivers\RIOUNIV.sys

10:17:59:930 0256 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

10:18:00:000 0256 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

10:18:00:090 0256 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

10:18:00:180 0256 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

10:18:00:281 0256 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

10:18:00:411 0256 SIODRV (a92b86123d938166d546994bc97dc7ba) C:\WINDOWS\System32\drivers\SIODRV.SYS

10:18:00:491 0256 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

10:18:00:571 0256 smbusp (aa0e6f6d4473cb867c592d0db6fad309) C:\WINDOWS\system32\DRIVERS\smb.sys

10:18:00:721 0256 smwdm (a38bf5ba8bf3b6f72a7f320c1a8e9123) C:\WINDOWS\system32\drivers\smwdm.sys

10:18:01:152 0256 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

10:18:01:212 0256 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

10:18:01:372 0256 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys

10:18:01:502 0256 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

10:18:01:592 0256 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

10:18:01:723 0256 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

10:18:01:833 0256 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

10:18:02:043 0256 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

10:18:02:133 0256 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

10:18:02:263 0256 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

10:18:02:384 0256 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

10:18:02:464 0256 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

10:18:02:594 0256 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

10:18:02:744 0256 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

10:18:02:884 0256 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

10:18:03:014 0256 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

10:18:03:125 0256 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

10:18:03:215 0256 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

10:18:03:335 0256 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

10:18:03:415 0256 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

10:18:03:495 0256 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

10:18:03:625 0256 Vmodem (b289d19df6103352d3c4b13c0ed79331) C:\WINDOWS\system32\DRIVERS\vmodem.sys

10:18:03:776 0256 VNUSB (ae01e1ed5a81e0d268b91b4a6de5a872) C:\WINDOWS\system32\DRIVERS\VNUSB.sys

10:18:03:876 0256 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

10:18:03:986 0256 Vpctcom (4a4448332075c5a909df123c21616b2a) C:\WINDOWS\system32\DRIVERS\vpctcom.sys

10:18:04:116 0256 Vvoice (120e61aac05f00c867a32de493dab9b4) C:\WINDOWS\system32\DRIVERS\vvoice.sys

10:18:04:206 0256 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

10:18:04:346 0256 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

10:18:04:427 0256 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

10:18:04:537 0256 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

10:18:04:647 0256 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

10:18:04:777 0256 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

10:18:04:907 0256 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

10:18:04:937 0256

10:18:04:937 0256 Completed

10:18:04:937 0256

10:18:04:937 0256 Results:

10:18:04:937 0256 Registry objects infected / cured / cured on reboot: 0 / 0 / 0

10:18:04:937 0256 File objects infected / cured / cured on reboot: 0 / 0 / 0

10:18:04:947 0256

10:18:04:947 0256 KLMD(ARK) unloaded successfully

Thanks, Elise.


Please run the following CFScript and let me know if that fixes the MBAM pop ups.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 1 (0x1)

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


I disconnected cable modem and disabled firewall and all AV/protection programs, then ran CF as requested.

ComboFix 10-06-15.04 - Doug 06/16/2010 12:31:43.5.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.379 [GMT -5:00]

Running from: c:\documents and settings\Doug\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Doug\Desktop\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

((((((((((((((((((((((((( Files Created from 2010-05-16 to 2010-06-16 )))))))))))))))))))))))))))))))

.

2010-06-15 23:06 . 2010-06-15 23:06 -------- d-----w- C:\_OTL

2010-06-14 20:15 . 2010-06-14 20:15 -------- d-----w- c:\program files\ESET

2010-06-14 15:09 . 2010-06-14 15:09 -------- d-----w- c:\program files\Common Files\Java

2010-06-14 15:09 . 2010-06-14 15:09 503808 ----a-w- c:\documents and settings\Doug\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-33d78a18-n\msvcp71.dll

2010-06-14 15:09 . 2010-06-14 15:09 499712 ----a-w- c:\documents and settings\Doug\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-33d78a18-n\jmc.dll

2010-06-14 15:09 . 2010-06-14 15:09 348160 ----a-w- c:\documents and settings\Doug\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-33d78a18-n\msvcr71.dll

2010-06-14 15:09 . 2010-06-14 15:09 61440 ----a-w- c:\documents and settings\Doug\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-48cf37d6-n\decora-sse.dll

2010-06-14 15:09 . 2010-06-14 15:09 12800 ----a-w- c:\documents and settings\Doug\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-48cf37d6-n\decora-d3d.dll

2010-06-14 15:08 . 2010-06-14 15:08 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-06-13 04:31 . 2010-06-13 04:31 -------- d-----w- c:\documents and settings\Doug\Local Settings\Application Data\PCHealth

2010-06-13 04:31 . 2010-06-13 04:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth

2010-06-11 21:40 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-06-04 04:03 . 2010-06-04 04:03 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

2010-06-03 21:16 . 2010-06-03 21:17 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-06-03 19:18 . 2008-04-13 18:40 57600 -c--a-w- c:\windows\system32\dllcache\redbook.sys

2010-06-03 19:18 . 2008-04-13 18:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

2010-06-01 21:01 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-06-01 13:20 . 2010-06-01 13:30 -------- d-----w- c:\program files\Windows Live Safety Center

2010-05-27 15:40 . 2010-05-27 15:40 -------- d-----w- C:\_OTM

2010-05-25 17:59 . 2010-05-25 18:00 -------- d-----w- C:\rsit

2010-05-25 12:14 . 2010-05-25 12:14 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS

2010-05-25 03:38 . 2010-05-25 12:16 -------- d-----w- c:\windows\system32\MpEngineStore

2010-05-25 03:36 . 2010-05-25 12:16 -------- d-----w- C:\acaef223b3beb048f035f7ca4d

2010-05-20 18:47 . 2010-05-20 18:47 -------- d-----w- c:\program files\DIFX

2010-05-20 18:46 . 2010-05-20 18:46 -------- d-----w- c:\program files\Garmin

2010-05-20 01:08 . 2010-05-20 01:08 388096 ----a-r- c:\documents and settings\Doug\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-15 19:35 . 2008-03-02 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2010-06-14 14:01 . 2007-06-23 03:51 -------- d-----w- c:\program files\Java

2010-06-07 16:40 . 2008-07-25 14:54 -------- d-----w- c:\program files\Microsoft Silverlight

2010-06-04 23:22 . 2010-01-14 16:40 -------- d-----w- c:\documents and settings\Doug\Application Data\PrimoPDF

2010-06-03 15:48 . 2010-05-10 19:39 -------- d-----w- c:\program files\Analog Devices

2010-05-25 17:59 . 2006-03-16 03:48 -------- d-----w- c:\program files\Trend Micro

2010-05-12 18:56 . 2005-06-10 23:29 -------- d-----w- c:\program files\Lavasoft

2010-05-10 19:40 . 2002-12-19 13:58 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-05-10 19:23 . 2010-05-10 19:23 -------- d-----w- c:\program files\SystemRequirementsLab

2010-05-06 10:41 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll

2010-05-05 06:17 . 2010-04-29 15:14 -------- d-----w- c:\documents and settings\Doug\Application Data\3B4B9E60933DD2591D35596DBB73B27B

2010-05-03 01:17 . 2010-05-03 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion

2010-05-02 07:00 . 2010-05-02 07:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\Malwarebytes

2010-05-02 05:22 . 2001-08-18 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys

2010-05-01 16:27 . 2010-04-30 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-01 08:38 . 2008-05-27 11:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8

2010-05-01 00:42 . 2009-10-21 22:04 -------- d-----w- c:\program files\Uniblue

2010-05-01 00:03 . 2010-02-20 16:42 -------- d-----w- c:\documents and settings\Doug\Application Data\Uniblue

2010-04-30 22:47 . 2010-04-29 21:18 -------- d-----w- c:\program files\Spyware Doctor

2010-04-30 22:47 . 2010-04-29 21:18 -------- d-----w- c:\program files\Common Files\PC Tools

2010-04-30 22:45 . 2010-04-29 21:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-04-30 21:07 . 2004-10-31 14:29 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-04-30 19:01 . 2009-07-23 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-04-29 21:08 . 2010-04-29 21:08 711168 ----a-w- c:\windows\is-IV4HO.exe

2010-04-29 20:39 . 2010-05-01 16:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-29 20:39 . 2010-05-01 16:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-20 05:30 . 2001-08-18 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll

2010-04-18 17:50 . 2010-04-18 17:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

2010-04-18 17:50 . 2010-04-18 17:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

2010-04-18 17:50 . 2010-04-18 17:50 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

2010-04-18 17:50 . 2010-04-18 17:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

2010-04-18 17:50 . 2010-04-18 17:50 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

2010-04-18 17:50 . 2010-04-18 17:50 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

2010-04-18 17:50 . 2010-04-18 17:50 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

2010-04-18 17:50 . 2010-04-18 17:50 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

2010-04-18 17:50 . 2010-04-18 17:50 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

2010-04-18 17:49 . 2006-04-24 20:36 -------- d-----w- c:\program files\Common Files\Real

2010-04-18 17:49 . 2006-04-24 20:36 -------- d-----w- c:\program files\Real

2010-04-18 17:49 . 2010-04-18 17:49 -------- d-----w- c:\program files\Common Files\xing shared

2010-04-18 17:48 . 2003-02-21 04:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

2010-04-18 17:32 . 2010-04-18 17:32 734728 ----a-w- c:\documents and settings\Doug\Application Data\Real\RealPlayer\setup\AU_setup13.exe

2010-04-17 15:25 . 2010-04-17 15:25 439816 ----a-w- c:\documents and settings\Doug\Application Data\Real\Update\setup3.10\setup.exe

2010-04-13 21:55 . 2009-11-22 13:20 79488 ----a-w- c:\documents and settings\Doug\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll

2010-03-23 19:47 . 2009-07-14 18:36 256 ----a-w- c:\documents and settings\Doug\pool.bin

2007-10-07 17:19 . 2007-10-07 17:19 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-06-13_18.07.09 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-06-15 23:48 . 2010-06-15 23:48 16384 c:\windows\Temp\Perflib_Perfdata_1f4.dat

+ 2010-06-15 20:03 . 2010-06-15 20:03 21504 c:\windows\Installer\40c6f79.msi

+ 2010-06-14 15:08 . 2010-06-14 15:08 153376 c:\windows\system32\javaws.exe

+ 2010-06-14 15:08 . 2010-06-14 15:08 145184 c:\windows\system32\javaw.exe

+ 2010-06-14 15:08 . 2010-06-14 15:08 145184 c:\windows\system32\java.exe

+ 2010-06-14 15:09 . 2010-06-14 15:09 180224 c:\windows\Installer\be6ae.msi

+ 2010-06-14 15:08 . 2010-06-14 15:08 576000 c:\windows\Installer\be6a9.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 68856]

"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-08-14 147456]

"IMONTRAY"="c:\program files\Intel\Intel® Active Monitor\imontray.exe" [2002-09-19 32768]

"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]

"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-10-07 1838592]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-22 2046816]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-18 202256]

"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-07-07 77824]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2005-10-11 798720]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-18 00:22 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Device Detector 3.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk

backup=c:\windows\pss\Device Detector 3.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk

backup=c:\windows\pss\HotSync Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Doug^Start Menu^Programs^Startup^Riorad Manager.lnk]

path=c:\documents and settings\Doug\Start Menu\Programs\Startup\Riorad Manager.lnk

backup=c:\windows\pss\Riorad Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Doug^Start Menu^Programs^Startup^Riorad SB-Riot Manager.lnk]

path=c:\documents and settings\Doug\Start Menu\Programs\Startup\Riorad SB-Riot Manager.lnk

backup=c:\windows\pss\Riorad SB-Riot Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]

2010-03-29 19:54 2343120 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]

2010-03-11 03:32 648536 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]

2008-08-13 20:34 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2004-07-07 16:53 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]

2009-07-08 18:31 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office\\WINWORD.EXE"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Program Files\\Red Chair Software\\Riorad Explorer\\riomgr.exe"=

"c:\\Program Files\\Red Chair Software\\Riorad Explorer\\riormgr.exe"=

R0 ppa;Iomega Parallel Port Filter Driver;c:\windows\system32\drivers\ppa.sys [1/5/2003 2:25 PM 17792]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/27/2008 6:41 AM 335240]

R1 enportv;enportv;c:\windows\system32\drivers\enportv.sys [2/4/2006 8:12 AM 28416]

R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 1:51 AM 380928]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/5/2009 1:08 PM 297752]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/1/2010 11:27 AM 304464]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/6/2007 5:09 PM 24652]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/1/2010 11:27 AM 20952]

S1 MpKsl75be3789;MpKsl75be3789;\??\c:\windows\system32\MpEngineStore\MpKsl75be3789.sys --> c:\windows\system32\MpEngineStore\MpKsl75be3789.sys [?]

S2 gupdate1c98ac2b8b1b730;Google Update Service (gupdate1c98ac2b8b1b730);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2009 9:28 AM 133104]

S3 ATIPCXXX;ATI Parental control device;c:\windows\system32\drivers\atipcxxx.sys [12/19/2002 8:53 AM 10240]

S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);c:\windows\system32\drivers\atirtcap.sys [12/19/2002 8:53 AM 49920]

S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);c:\windows\system32\drivers\ativxbar.sys [12/19/2002 8:53 AM 26624]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]

S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMD23

*Deregistered* - klmd23

.

Contents of the 'Scheduled Tasks' folder

2010-06-16 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-07 00:03]

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 14:28]

2010-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 14:28]

2010-06-15 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]

2010-06-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-725345543-1202660629-1343024091-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-06-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-725345543-1202660629-1343024091-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 03:09]

2010-06-16 c:\windows\Tasks\User_Feed_Synchronization-{22B9F4EE-F161-4ED4-9132-F02211555B6A}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]

2010-06-15 c:\windows\Tasks\WGASetup.job

- c:\windows\system32\KB905474\wgasetup.exe [2009-04-10 03:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.drudgereport.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uCustomizeSearch = hxxp://ie.search.msn.com

Trusted Zone: finehomebuilding.com\www

Trusted Zone: plateauwildlife.com\mail

Trusted Zone: taunton.com\reg

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Doug\Application Data\Mozilla\Firefox\Profiles\d7lrcvcm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.drudgereport.com/

FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-16 12:44

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(336)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-06-16 12:51:34

ComboFix-quarantined-files.txt 2010-06-16 17:51

ComboFix2.txt 2010-06-13 18:15

ComboFix3.txt 2010-06-03 19:51

ComboFix4.txt 2010-05-27 03:22

ComboFix5.txt 2010-06-16 17:27

Pre-Run: 18,846,150,656 bytes free

Post-Run: 18,837,598,208 bytes free

- - End Of File - - 44D768D1C11F71D1A89076FBBB374E43


Please click Start > Run, type cmd in the runbox and press enter.

Type the following line at the command prompt and press enter

netsh firewall set opmode ENABLE

This should take a few seconds and you should then see OK.

Please let me know if this worked.


Ran cmd as requested and received OK.

Also, I checked the MBAM log for today (prior to running above cmd) and there have been no IP blocks since ComboFix ran per the previous instruction and MBAM protection restarted thereafter.

01:00:00 Doug ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007

02:00:00 Doug MESSAGE Scheduled scan executed successfully

08:31:06 Doug IP-BLOCK 222.186.24.38

09:02:55 Doug IP-BLOCK 222.189.238.209

09:15:47 Doug IP-BLOCK 174.36.194.105

09:56:39 Doug IP-BLOCK 174.36.194.101

10:09:11 Doug IP-BLOCK 221.192.199.35

11:34:14 Doug IP-BLOCK 221.192.199.49

11:44:57 Doug IP-BLOCK 121.11.86.68

11:59:37 Doug IP-BLOCK 121.11.86.68

12:04:10 Doug IP-BLOCK 218.8.245.123

12:25:42 Doug MESSAGE IP Protection stopped

12:53:45 Doug MESSAGE IP Protection started successfully

I'll keep checking the MBAM log file to see if any IP blocks resume and let you know one way or the other by tomorrow.

Assuming I'm finally cleaned up, if you have any recommendations regarding additional/alternative software protection, I would appreciate you letting me know. (Current: Windows Firewall, MBAM, AVG (Free) and Microsoft Security Essentials, Spybot scans (TeaTimer disabled).)

Thanks again for your assistance.

Doug
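The check Doug describes above (no IP-BLOCK entries since MBAM's IP Protection restarted after the ComboFix run) is easy to automate against the protection log. The script below is an added example, not something posted in the thread or shipped by Malwarebytes; it assumes the single-day line format visible in the excerpt (`HH:MM:SS user KIND detail`) and uses the lines Doug posted as its sample input. It parses each line into an event, tallies blocked destination IPs, and reports how many blocks were logged after the most recent "IP Protection started" message, which is the number that should stay at zero on a clean machine.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import time
from typing import Dict, List, Optional

# Sample input: the MBAM protection-log lines quoted in the post above.
SAMPLE_LOG = """\
01:00:00 Doug ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
02:00:00 Doug MESSAGE Scheduled scan executed successfully
08:31:06 Doug IP-BLOCK 222.186.24.38
09:02:55 Doug IP-BLOCK 222.189.238.209
09:15:47 Doug IP-BLOCK 174.36.194.105
09:56:39 Doug IP-BLOCK 174.36.194.101
10:09:11 Doug IP-BLOCK 221.192.199.35
11:34:14 Doug IP-BLOCK 221.192.199.49
11:44:57 Doug IP-BLOCK 121.11.86.68
11:59:37 Doug IP-BLOCK 121.11.86.68
12:04:10 Doug IP-BLOCK 218.8.245.123
12:25:42 Doug MESSAGE IP Protection stopped
12:53:45 Doug MESSAGE IP Protection started successfully
"""

# Assumed line shape, taken from the excerpt: time, Windows user, event kind, free text.
LINE_RE = re.compile(r"^(\d{2}):(\d{2}):(\d{2}) (\S+) (ERROR|MESSAGE|IP-BLOCK) (.*)$")


@dataclass
class Event:
    when: time
    user: str
    kind: str
    detail: str


def parse_log(text: str) -> List[Event]:
    """Parse log lines into events; lines that do not match the known shape are skipped."""
    events: List[Event] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            continue
        hh, mm, ss, user, kind, detail = m.groups()
        events.append(Event(time(int(hh), int(mm), int(ss)), user, kind, detail))
    return events


def blocked_ip_counts(events: List[Event]) -> Counter:
    """How many times each destination IP was blocked."""
    return Counter(e.detail for e in events if e.kind == "IP-BLOCK")


def last_protection_start(events: List[Event]) -> Optional[time]:
    """Timestamp of the most recent 'IP Protection started' message, if any."""
    starts = [e.when for e in events
              if e.kind == "MESSAGE" and e.detail.startswith("IP Protection started")]
    return starts[-1] if starts else None


def blocks_after_restart(events: List[Event]) -> List[Event]:
    """IP-BLOCK events logged after the last protection restart.

    A non-empty result means something on the host is still trying to reach
    blocked destinations after the cleanup. With no restart message in the log,
    every block counts. The log is assumed to cover a single day, so comparing
    times of day is sufficient.
    """
    started = last_protection_start(events)
    if started is None:
        return [e for e in events if e.kind == "IP-BLOCK"]
    return [e for e in events if e.kind == "IP-BLOCK" and e.when > started]


def summarize(text: str) -> Dict[str, object]:
    """Summary figures a helper would want to see in a reply."""
    events = parse_log(text)
    counts = blocked_ip_counts(events)
    return {
        "total_blocks": sum(counts.values()),
        "unique_ips": len(counts),
        "repeat_ips": sorted(ip for ip, n in counts.items() if n > 1),
        "blocks_after_restart": len(blocks_after_restart(events)),
        "errors": sum(1 for e in events if e.kind == "ERROR"),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it on the real protection log (MBAM writes one file per day) and watch `blocks_after_restart`: repeated blocks to the same IP from a machine that is idle point at a process on the host initiating the connections, whereas blocks that stop after the restart and stay at zero over the following day match what Doug reports.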

