Stop Errors, redirects, can't load AV software or websites

I came down with this computer cancer yesterday. Symptoms include Google redirects and inability to run AV software or load relevant websites, even in safe mode. I can use the thing in safe mode, but a normal boot results in a Stop (0x0000008E) error within 30 seconds of Windows loading.

I got MalwareBytes and Hijack to work by renaming, but the Panda site is blocked. Had no trouble with OT.

Anything else?

Attachments: OTListIt.Txt, mbam_log_2008_11_13__11_10_53_.txt

Please post your logs in the body of your reply, not as an attachment.

Malwarebytes' Anti-Malware 1.30

Database version: 1306

Windows 5.1.2600 Service Pack 2

11/13/2008 11:10:53 AM

mbam-log-2008-11-13 (11-10-53).txt

Scan type: Quick Scan

Objects scanned: 51116

Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\winamp3_0-full.exe (Trojan.Agent) -> Not selected for removal.

C:\winzip81.exe (Trojan.Agent) -> Not selected for removal.

OTListIt logfile created on: 11/13/2008 11:04:10 AM - Run

OTListIt by OldTimer - Version 1.0.12.0 Folder = G:\

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 78.64% Memory free

2.86 Gb Paging File | 2.72 Gb Available in Paging File | 95.22% Paging File free

Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 18.64 Gb Total Space | 4.40 Gb Free Space | 23.60% Space Free | Partition Type: NTFS

Drive D: | 45.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

E: Drive not present or media not loaded

Drive F: | 149.05 Gb Total Space | 6.71 Gb Free Space | 4.50% Space Free | Partition Type: NTFS

Drive G: | 15.01 Gb Total Space | 13.03 Gb Free Space | 86.84% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HC

Current User Name: user

Logged in as Administrator.

Current Boot Mode: SafeMode with Networking

Scan Mode: All users

Whitelist: On

File Age = 30 Days

========== Processes ==========

[2008/11/13 11:00:42 | 00,418,304 | ---- | M] (OldTimer Tools) -- G:\OTListIt.exe

========== (O23) Win32 Services ==========

[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])

[2008/07/19 08:25:06 | 00,016,056 | ---- | M] (ALWIL Software) -- f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Stopped])

[2007/12/04 20:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])

[2007/12/05 14:17:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart [Disabled | Stopped])

[2008/07/19 08:38:28 | 00,147,640 | ---- | M] (ALWIL Software) -- f:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Stopped])

[2008/07/19 08:38:04 | 00,250,040 | ---- | M] (ALWIL Software) -- f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Stopped])

[2008/07/23 08:25:45 | 00,348,344 | ---- | M] (ALWIL Software) -- f:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Stopped])

[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])

[2001/09/10 18:08:50 | 00,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv [Disabled | Stopped])

[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])

[2007/10/24 15:44:17 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [Disabled | Stopped])

[2007/04/19 08:00:01 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])

[2003/04/01 22:08:30 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV [Disabled | Stopped])

[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [Disabled | Stopped])

File not found -- -- (iPodService [Disabled | Stopped])

[2003/08/29 07:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS [Disabled | Stopped])

[2004/03/18 15:55:48 | 00,065,536 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [Disabled | Stopped])

[2008/01/07 23:57:00 | 00,306,432 | ---- | M] (TuneUp Software GmbH) -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag [Disabled | Stopped])

[2004/03/15 22:40:52 | 00,112,128 | ---- | M] (TuneUp Software GmbH) -- C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc [Disabled | Stopped])

========== Driver Services ==========

[2008/01/18 16:16:22 | 00,083,880 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016bus.sys -- (a016bus [On_Demand | Stopped])

[2008/01/18 16:16:24 | 00,015,016 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016mdfl.sys -- (a016mdfl [On_Demand | Stopped])

[2008/01/18 16:16:26 | 00,110,504 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016mdm.sys -- (a016mdm [On_Demand | Stopped])

[2008/01/18 16:16:26 | 00,104,488 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016mgmt.sys -- (a016mgmt [On_Demand | Stopped])

[2008/01/18 16:16:28 | 00,100,648 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\a016obex.sys -- (a016obex [On_Demand | Stopped])

[2004/04/30 09:37:02 | 00,160,640 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus [boot | Running])

[2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi [boot | Running])

[2008/07/19 08:32:15 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [system | Stopped])

[2007/06/07 16:18:25 | 00,021,035 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Stopped])

[2004/10/07 19:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [system | Running])

[2004/08/03 23:59:20 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys -- (AmdK7 [system | Stopped])

[2008/07/19 08:37:42 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk [Auto | Stopped])

[2008/07/19 08:37:21 | 00,094,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Stopped])

[2008/07/19 08:33:42 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Stopped])

[2008/07/19 08:35:18 | 00,078,416 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [system | Stopped])

[2008/07/19 08:32:36 | 00,042,912 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [system | Running])

[2007/12/04 23:26:40 | 02,782,208 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])

[2008/11/11 10:50:28 | 00,004,096 | -H-- | M] () -- ._.Trashes -- (BtAudio [On_Demand | Stopped])

[2008/11/11 10:50:28 | 00,004,096 | -H-- | M] () -- ._.Trashes -- (BTDriver [On_Demand | Stopped])

[2008/11/11 10:50:28 | 00,004,096 | -H-- | M] () -- ._.Trashes -- (BTWDNDIS [On_Demand | Stopped])

[2008/11/11 10:50:28 | 00,004,096 | -H-- | M] () -- ._.Trashes -- (BTWUSB [On_Demand | Stopped])

[2001/09/10 18:09:46 | 00,057,392 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla [On_Demand | Stopped])

[2007/11/18 18:18:49 | 00,006,704 | ---- | M] () -- C:\WINDOWS\system32\drivers\EMSUSB2.SYS -- (EMSUSB2 [On_Demand | Stopped])

[2004/10/25 20:02:00 | 00,021,664 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH [On_Demand | Stopped])

[2002/12/23 03:54:00 | 00,010,496 | R--- | M] (NETGEAR Inc.) -- C:\WINDOWS\system32\drivers\fa120.sys -- (fa120 [On_Demand | Stopped])

[2004/03/26 13:08:54 | 00,122,112 | ---- | M] (Cisco-Linksys LLC.) -- C:\WINDOWS\system32\drivers\vnet58lx.sys -- (FVNETusb [On_Demand | Stopped])

[2005/02/02 00:21:04 | 00,014,408 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])

[2003/09/30 10:27:04 | 00,038,176 | ---- | M] () -- C:\WINDOWS\system32\drivers\hpfecp06.sys -- (HPFECP06 [Auto | Stopped])

[2004/03/22 04:35:48 | 00,051,088 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\hpzid412.sys -- (HPZid412 [On_Demand | Stopped])

[2004/03/22 04:35:52 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])

[2004/03/22 04:35:58 | 00,021,744 | ---- | M] (HP) -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])

[2002/11/28 21:23:24 | 00,039,048 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2 [On_Demand | Stopped])

[2004/08/03 23:58:34 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [system | Stopped])

[2007/09/05 00:46:34 | 00,092,544 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus [On_Demand | Running])

[2002/01/24 04:45:37 | 00,015,399 | R--- | M] (Motorola Inc.) -- C:\WINDOWS\system32\drivers\netmotcm.sys -- (ndiscm [On_Demand | Stopped])

[2004/06/03 10:40:46 | 00,079,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus [boot | Running])

[2004/10/22 11:38:28 | 00,053,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax [On_Demand | Stopped])

[2004/01/29 01:45:50 | 00,093,764 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET [On_Demand | Running])

[2004/10/22 11:41:46 | 00,413,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce [On_Demand | Stopped])

[2004/04/02 15:40:00 | 00,021,760 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp [boot | Running])

[2002/08/29 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])

[2006/03/09 05:00:00 | 00,046,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [boot | Running])

[2007/10/30 12:05:00 | 00,009,088 | ---- | M] () -- F:\Program Files\RivaTuner v2.06\RivaTuner32.sys -- (RivaTuner32 [On_Demand | Stopped])

[2008/11/11 10:50:28 | 00,004,096 | -H-- | M] () -- ._.Trashes -- (RT73 [On_Demand | Stopped])

[2008/11/11 10:50:28 | 00,004,096 | -H-- | M] () -- ._.Trashes -- (RTLWUSB [On_Demand | Stopped])

[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [Auto | Stopped])

[2006/03/14 06:22:00 | 00,090,176 | ---- | M] (SafeNet, Inc.) -- C:\WINDOWS\system32\drivers\sentinel.sys -- (Sentinel [Auto | Stopped])

[2007/09/26 14:00:43 | 00,685,816 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [boot | Running])

[2005/11/01 23:17:54 | 00,189,920 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt [Auto | Stopped])

[2005/04/12 18:21:28 | 00,010,144 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])

[2005/04/12 18:21:32 | 00,022,240 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter [On_Demand | Running])

[2005/04/12 18:21:28 | 00,005,600 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])

[2005/04/12 18:21:26 | 00,045,504 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])

[2003/12/02 12:26:06 | 00,021,627 | ---- | M] (Exent Technologies Ltd.) -- C:\Program Files\EXEtender\X4HS32.sys -- (X4HS32 [Auto | Stopped])

[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Stopped])

========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-1229272821-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

HKU\S-1-5-21-1229272821-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions =

HKU\S-1-5-21-1229272821-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKU\S-1-5-21-1229272821-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKU\S-1-5-21-1229272821-1767777339-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKU\S-1-5-21-1229272821-1767777339-725345543-1004\S-1-5-21-1229272821-1767777339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-21-1229272821-1767777339-725345543-1004\S-1-5-21-1229272821-1767777339-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (504177 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 12581 more lines...

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (IeCatch5 Class) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\Jccatch.dll (FlashGet)

O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKCU\..\Toolbar: (no name) - {437434D2-065E-499D-A337-59657DF3342F} - Reg Error: Key does not exist or could not be opened. File not found

O3 - HKU\S-1-5-21-1229272821-1767777339-725345543-1004\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKU\S-1-5-21-1229272821-1767777339-725345543-1004\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKU\S-1-5-21-1229272821-1767777339-725345543-1004\..\Toolbar: (no name) - {437434D2-065E-499D-A337-59657DF3342F} - Reg Error: Key does not exist or could not be opened. File not found

O4 - HKLM..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [ReproGAGD] C:\WINDOWS\system32\DualAn.exe (Guillemot Corporation)

O4 - HKLM..\Run: [RivaTunerStartupDaemon] "F:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S ()

O4 - HKLM..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" ()

O4 - HKCU..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)

O4 - HKCU..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon (Sony Ericsson Mobile Communications AB)

O4 - HKU\.DEFAULT..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

O4 - HKU\S-1-5-18..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

O4 - HKU\S-1-5-19..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

O4 - HKU\S-1-5-20..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (GRISOFT, s.r.o.)

O4 - HKU\S-1-5-21-1229272821-1767777339-725345543-1004..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)

O4 - HKU\S-1-5-21-1229272821-1767777339-725345543-1004..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon (Sony Ericsson Mobile Communications AB)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\explorer.ahk ()

O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()

O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\PowerReg SchedulerV2.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1229272821-1767777339-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()

O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()

O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found

O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found

O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found

O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)

O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O15 - HKLM\..Trusted Sites: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Sites: www.fileplanet.com (* in Trusted sites)

O15 - HKCU\..Trusted Sites: www.gamefaqs.com (* in Trusted sites)

O15 - HKCU\..Trusted Sites: 2 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKU\S-1-5-21-1229272821-1767777339-725345543-1004\..Trusted Sites: www.fileplanet.com (* in Trusted sites)

O15 - HKU\S-1-5-21-1229272821-1767777339-725345543-1004\..Trusted Sites: www.gamefaqs.com (* in Trusted sites)

O15 - HKU\S-1-5-21-1229272821-1767777339-725345543-1004\..Trusted Sites: 2 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} http://activex.microsoft.com/objects/ocget.dll (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} http://content.kontiki.com/kdx/v2.20/konti...current/kdx.cab (Secure Delivery)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key does not exist or could not be opened.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key does not exist or could not be opened.)

O18 - Protocol\Handler: - ipp - No CLSID value found

O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp - No CLSID value found

O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler: - skype4com - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]

!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll File not found

AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- Reg Error: Value does not exist or could not be read. File not found

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]

"SecurityProviders" = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

>[2001/09/18 17:37:34 | 00,016,973 | ---- | M] () -- C:\WINDOWS\system32\ZWebAuth.dll

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]

"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []

[2003/05/27 11:27:10 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

AUTORUN.INF [[AutoRun] | ShellExecute=INDEX.html | icon=avira.ico | ]

[2008/11/12 10:56:15 | 00,000,052 | R--- | M] () -- D:\AUTORUN.INF -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be38da7d-ab38-11dc-a1b3-0010dcde64a5}\Shell]

"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be38da7d-ab38-11dc-a1b3-0010dcde64a5}\Shell\AutoRun]

"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be38da7d-ab38-11dc-a1b3-0010dcde64a5}\Shell\AutoRun\command]

"" = J:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell]

"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun]

"" = Auto&Play

========== Files/Folders - Created Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]

[1 F:\My Documents\*.tmp files]

[2008/11/13 01:02:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes

[2008/11/12 22:10:45 | 48,166,192 | ---- | C] (Avira GmbH) -- C:\Documents and Settings\user\Desktop\rescuecd.exe

[2008/11/12 22:01:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/11/12 22:01:08 | 00,000,571 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/11/12 22:01:05 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/11/12 22:01:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2008/11/12 22:00:22 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\checkers.exe

[2008/11/12 21:52:21 | 06,637,592 | ---- | C] () -- C:\Documents and Settings\user\Desktop\solitaire.EXE

[2008/11/12 21:34:06 | 06,634,008 | ---- | C] () -- C:\Documents and Settings\user\Desktop\SUPERAntiSpyware.exe

[2008/11/12 20:24:04 | 00,000,817 | ---- | C] () -- C:\Documents and Settings\user\Desktop\HijackThis.lnk

[2008/11/12 20:18:50 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\user\Desktop\HJT-Install.exe

[2008/11/12 17:09:42 | 00,000,498 | ---- | C] () -- C:\Documents and Settings\user\Desktop\EATS Austin.lnk

[2008/11/12 17:09:37 | 00,000,000 | ---D | C] -- F:\My Documents\EATS Austin

[2008/11/11 21:22:17 | 36,605,7472 | ---- | C] () -- C:\Documents and Settings\user\Desktop\House 302 - Cane and Able.avi

[2008/11/11 21:22:11 | 36,602,9930 | ---- | C] () -- C:\Documents and Settings\user\Desktop\House 301 - Meaning.avi

[2008/11/10 15:38:51 | 00,059,392 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Retail shopping guide.doc

[2008/11/09 19:35:09 | 04,727,354 | ---- | C] () -- C:\Ionvik1.bmp

[2008/11/09 19:23:55 | 00,142,848 | -HS- | C] () -- F:\My Documents\Thumbs.db

@Alternate Data Stream - 0 bytes -> F:\My Documents\Thumbs.db:encryptable

[2008/11/09 19:16:33 | 00,099,719 | ---- | C] () -- C:\Ionvik1.jpg

[2008/11/06 16:25:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\MWmods

[2008/11/04 16:23:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Sony Ericsson

[2008/11/04 16:22:32 | 00,000,000 | ---D | C] -- C:\Program Files\Avanquest update

[2008/11/04 16:22:04 | 00,104,488 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\a016mgmt.sys

[2008/11/04 16:22:04 | 00,100,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\a016obex.sys

[2008/11/04 16:22:03 | 00,110,504 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\a016mdm.sys

[2008/11/04 16:22:03 | 00,015,016 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\a016mdfl.sys

[2008/11/04 16:22:03 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\a016cmnt.sys

[2008/11/04 16:22:03 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\a016cm.sys

[2008/11/04 16:21:57 | 00,083,880 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\a016bus.sys

[2008/11/04 16:21:57 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\a016whnt.sys

[2008/11/04 16:21:57 | 00,012,200 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\a016wh.sys

[2008/11/04 16:21:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE

[2008/11/04 16:21:46 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Ericsson

[2008/11/04 16:21:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

[2008/11/04 16:21:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\InstallShield

[2008/11/04 16:06:09 | 00,013,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll

[2008/11/04 16:05:38 | 01,197,294 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb

[2008/11/04 16:05:38 | 00,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb

[2008/11/04 16:05:38 | 00,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb

[2008/11/04 16:04:31 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2008/11/04 16:04:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF

[2008/11/04 16:02:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Sony Setup

[2008/11/04 16:01:52 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Setup

[2008/10/31 08:12:23 | 00,029,184 | ---- | C] () -- F:\My Documents\Business Profile.doc

[2008/10/29 13:31:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Publish Providers

[2008/10/29 13:30:56 | 00,000,000 | ---D | C] -- F:\My Documents\Vegas Movie Studio PE 9.0 Projects

[2008/10/29 13:30:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Sony

[2008/10/29 13:30:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Sony

[2008/10/29 13:29:50 | 00,000,000 | ---D | C] -- C:\Program Files\Vstplugins

[2008/10/29 13:29:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony

[2008/10/29 12:20:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign

[2008/10/29 12:20:26 | 00,180,276 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mspdb50.dll

[2008/10/29 12:20:23 | 00,483,328 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\Dsi.dll

[2008/10/29 12:19:39 | 00,045,056 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\wnaspi32.dll

[2008/10/29 12:19:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel

[2008/10/29 12:18:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Avid

[2008/10/17 10:22:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\DNA

[2008/10/17 10:22:10 | 00,000,000 | ---D | C] -- C:\Program Files\DNA

[2008/10/17 10:22:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DNA

[2008/10/15 12:07:12 | 00,000,750 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk

[2008/10/14 18:41:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]

[1 C:\WINDOWS\*.tmp files]

[1 F:\My Documents\*.tmp files]

[2008/11/13 09:10:51 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2008/11/13 09:10:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2008/11/13 09:09:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2008/11/13 09:09:02 | 02,108,352 | -H-- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db

[2008/11/12 22:36:03 | 48,166,192 | ---- | M] (Avira GmbH) -- C:\Documents and Settings\user\Desktop\rescuecd.exe

[2008/11/12 22:33:42 | 00,001,125 | ---- | M] () -- C:\WINDOWS\Winamp.ini

[2008/11/12 22:01:08 | 00,000,571 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2008/11/12 22:00:48 | 02,372,472 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\checkers.exe

[2008/11/12 21:53:44 | 06,637,592 | ---- | M] () -- C:\Documents and Settings\user\Desktop\solitaire.EXE

[2008/11/12 21:43:32 | 00,000,256 | ---- | M] () -- C:\WINDOWS\system.ini

[2008/11/12 21:34:27 | 06,634,008 | ---- | M] () -- C:\Documents and Settings\user\Desktop\SUPERAntiSpyware.exe

[2008/11/12 21:26:57 | 00,000,817 | ---- | M] () -- C:\Documents and Settings\user\Desktop\HijackThis.lnk

[2008/11/12 20:46:29 | 00,241,152 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/11/12 20:18:51 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\user\Desktop\HJT-Install.exe

[2008/11/12 20:11:16 | 00,000,906 | ---- | M] () -- C:\WINDOWS\win.ini

[2008/11/12 20:11:16 | 00,000,211 | -H-- | M] () -- C:\boot.ini

[2008/11/12 17:09:41 | 00,000,498 | ---- | M] () -- C:\Documents and Settings\user\Desktop\EATS Austin.lnk

[2008/11/12 16:47:54 | 00,035,458 | ---- | M] () -- C:\WINDOWS\user.acl

[2008/11/12 16:09:02 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2008/11/12 14:42:52 | 00,059,392 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Retail shopping guide.doc

[2008/11/12 14:01:39 | 00,006,218 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\explorer.ahk

[2008/11/11 23:04:30 | 36,605,7472 | ---- | M] () -- C:\Documents and Settings\user\Desktop\House 302 - Cane and Able.avi

[2008/11/11 23:04:16 | 36,602,9930 | ---- | M] () -- C:\Documents and Settings\user\Desktop\House 301 - Meaning.avi

[2008/11/09 19:35:09 | 04,727,354 | ---- | M] () -- C:\Ionvik1.bmp

[2008/11/09 19:27:55 | 00,142,848 | -HS- | M] () -- F:\My Documents\Thumbs.db

@Alternate Data Stream - 0 bytes -> F:\My Documents\Thumbs.db:encryptable

[2008/11/09 19:16:33 | 00,099,719 | ---- | M] () -- C:\Ionvik1.jpg

[2008/11/08 11:42:13 | 01,467,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2008/11/06 15:51:42 | 00,036,080 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2008/11/04 16:06:10 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2008/11/04 16:05:31 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx

[2008/11/04 16:04:31 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf

[2008/11/02 11:37:01 | 00,477,846 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2008/11/02 11:37:01 | 00,406,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2008/11/02 11:37:01 | 00,063,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2008/10/31 08:12:25 | 00,029,184 | ---- | M] () -- F:\My Documents\Business Profile.doc

[2008/10/26 18:26:09 | 00,000,573 | ---- | M] () -- C:\Documents and Settings\user\Desktop\OpenTTD.lnk

[2008/10/22 16:10:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2008/10/22 16:10:22 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2008/10/15 12:33:44 | 00,000,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk

[2008/10/15 10:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll

[2008/10/15 10:57:55 | 00,332,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll

< End of report >

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:06:15 AM, on 11/13/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Safe mode with network support

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

G:\OTListIt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\notepad.exe

C:\WINDOWS\notepad.exe

G:\Program Files\checkers\itscheckers.exe

F:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [ReproGAGD] C:\WINDOWS\system32\DualAn.exe

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "F:\Program Files\RivaTuner v2.06\RivaTuner.exe" /S

O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')

O4 - Startup: PowerReg Scheduler.exe

O4 - Startup: PowerReg SchedulerV2.exe

O4 - Global Startup: explorer.ahk

O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)

O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)

O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

O15 - Trusted Zone: www.fileplanet.com

O15 - Trusted Zone: www.gamefaqs.com

O16 - DPF: {01118400-3E00-11D2-8470-0060089874ED} - http://activex.microsoft.com/objects/ocget.dll

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20/konti...current/kdx.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - f:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - f:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--

End of file - 6237 bytes
