Mozilla hijacked


Recommended Posts

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:03:02 PM, on 10/21/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Documents and Settings\All Users\Application Data\csrss.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\All Users\Application Data\csrss.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Opera\opera.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\All Users\Application Data\csrss.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250625402593

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O20 - Winlogon Notify: Csrss - C:\WINDOWS\SYSTEM32\csrss2.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--

End of file - 6482 bytes

Link to post
Share on other sites

Hi,

Lets get a better look at your system.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Link to post
Share on other sites

OTL logfile created on: 10/26/2009 7:07:08 PM - Run 1

OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\user\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.17 Mb Total Physical Memory | 160.00 Mb Available Physical Memory | 15.65% Memory free

2.40 Gb Paging File | 1.30 Gb Available in Paging File | 53.99% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 40.68 Gb Free Space | 54.59% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HP_HOME

Current User Name: user

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)

PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)

PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)

PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)

PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

PRC - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)

SRV - (avg9emc [Auto | Running]) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg9wd [Auto | Running]) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

SRV - (idsvc [unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (TomTomHOMEService [Auto | Running]) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Afc [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Afc.sys (Arcsoft, Inc.)

DRV - (amdide1 [boot | Running]) -- C:\WINDOWS\System32\drivers\amdide1.sys (Advanced Micro Devices)

DRV - (AmdK8 [system | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)

DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)

DRV - (AvgLdx86 [system | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86 [system | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgRkx86 [boot | Running]) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX [system | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys (Broadcom Corporation)

DRV - (BVRPMPR5 [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS (Avanquest Software)

DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\camc6aud.sys (Conexant Systems Inc.)

DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\camc6hal.sys (Conexant Systems Inc.)

DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (HSF_DP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)

DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - (HSFHWATI [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWATI.sys (Conexant Systems, Inc.)

DRV - (Lbd [boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (MBAMSwissArmy [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)

DRV - (motmodem [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys (Motorola)

DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)

DRV - (PxHelp20 [boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)

DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (srescan [boot | Running]) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)

DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)

DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)

DRV - (vsdatant [system | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE A8 46 D3 44 20 CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/31 00:47:06 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/22 10:06:58 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/21 21:58:06 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/21 21:57:49 | 00,000,000 | ---D | M]

[2009/10/21 21:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions

[2009/10/21 21:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/08/22 20:32:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Extensions\[email protected]

[2009/10/21 21:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\mozilla\Firefox\Profiles\7ifs05aj.default\extensions

[2009/10/26 03:29:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2009/10/21 21:57:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/08/31 00:47:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll

[2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll

[2009/08/31 00:47:04 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll

[2009/07/07 17:20:42 | 00,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll

[2009/07/07 17:20:42 | 00,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnupdater2.dll

[2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll

[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL

[2004/12/14 02:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll

[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll

[2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml

[2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml

[2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml

[2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml

[2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml

[2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml

[2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (698 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250625402593 (WUWebControl Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/08/18 15:23:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found

NetSvcs: Ias - Service key not found. File not found

NetSvcs: Iprip - Service key not found. File not found

NetSvcs: Irmon - Service key not found. File not found

NetSvcs: NWCWorkstation - Service key not found. File not found

NetSvcs: Nwsapagent - Service key not found. File not found

NetSvcs: Wmi - Service key not found. File not found

NetSvcs: WmdmPmSp - Service key not found. File not found

NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/10/18 00:25:12 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[2009/10/10 14:56:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/10/21 00:58:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/10/19 23:08:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2009/10/18 00:22:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/10/21 22:06:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/10/21 01:14:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG9

[2009/10/21 22:06:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes

[2009/10/17 23:56:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\WinPatrol

[2009/10/01 11:36:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\SupportSoft

[2009/10/01 11:36:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft

[2009/10/18 00:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/09/30 01:30:07 | 00,000,000 | ---D | C] -- C:\Program Files\iPod

[2009/09/30 01:29:49 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes

[2009/10/18 00:22:00 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2009/10/21 22:06:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/10/01 14:23:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2009/10/23 17:36:26 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/10/26 19:08:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\gmer

[2009/10/26 19:05:13 | 00,521,728 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2009/10/23 19:58:29 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW

[2009/10/22 00:14:16 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/10/22 00:14:15 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/10/22 00:14:15 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2009/10/22 00:14:05 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/10/22 00:14:04 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/10/22 00:13:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2009/10/21 22:06:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/10/21 22:06:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/10/21 19:33:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/10/21 19:16:12 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/10/21 18:11:39 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/10/21 18:11:36 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/10/21 18:11:35 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/10/21 18:11:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/10/21 18:11:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/10/21 17:06:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8

[2009/10/21 00:59:59 | 00,000,000 | ---D | C] -- C:\$AVG

[2009/10/21 00:57:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2009/10/18 01:44:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2009/10/18 00:30:54 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2009/10/04 16:40:44 | 00,049,904 | R--- | C] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS

[2009/10/04 16:39:51 | 00,000,000 | ---D | C] -- C:\Netgear

[2009/10/01 17:04:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\tiinst

[2009/10/01 16:20:01 | 00,215,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll

[2009/10/01 16:20:01 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui

[2009/10/01 16:20:00 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll

========== Files - Modified Within 30 Days ==========

[2009/10/26 19:05:14 | 00,521,728 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2009/10/26 19:04:58 | 03,436,814 | ---- | M] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe

[2009/10/26 17:38:13 | 44,228,538 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/10/26 17:37:45 | 00,050,757 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/10/26 17:25:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\prvlcl.dat

[2009/10/26 14:10:41 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1E20F045-CEB8-46D1-9DBB-4C4D3476B68E}.job

[2009/10/26 13:55:06 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/10/26 13:53:57 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/10/26 13:49:51 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2009/10/26 13:49:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/10/26 13:49:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/10/26 13:49:01 | 10,718,94528 | -HS- | M] () -- C:\hiberfil.sys

[2009/10/24 21:17:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/10/22 19:29:54 | 00,000,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/10/22 09:54:50 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/10/22 09:54:47 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/10/22 09:54:10 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2009/10/22 00:14:16 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/10/22 00:14:05 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/10/22 00:14:04 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/10/22 00:13:52 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/10/22 00:13:52 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/10/21 21:57:52 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/10/21 19:29:17 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/10/21 19:16:27 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009/10/21 02:47:49 | 00,052,356 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/10/20 14:04:30 | 00,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/10/19 22:01:49 | 00,066,360 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/10/18 01:04:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/10/10 22:24:58 | 00,551,034 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/10/10 22:24:58 | 00,463,948 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/10/10 22:24:58 | 00,079,302 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/10/10 14:56:47 | 00,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[2009/10/03 03:12:10 | 00,000,210 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/10/02 14:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/10/01 11:37:15 | 00,001,046 | ---- | M] () -- C:\net_save.dna

========== Files - No Company Name ==========

[2009/10/26 19:04:52 | 03,436,814 | ---- | C] () -- C:\Documents and Settings\user\Desktop\ComboFix.exe

[2009/10/23 18:35:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\prvlcl.dat

[2009/10/22 00:14:04 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/10/22 00:13:52 | 44,228,538 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/10/22 00:13:52 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/10/22 00:13:52 | 00,050,757 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/10/22 00:13:51 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/10/21 21:57:52 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/10/21 19:12:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/10/21 18:11:36 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/10/21 18:11:36 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/10/18 00:33:24 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/10/10 14:56:47 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk

[2009/10/01 11:37:15 | 00,001,046 | ---- | C] () -- C:\net_save.dna

[2009/09/30 01:36:00 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/09/10 15:19:20 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini

[2009/08/25 15:22:10 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2009/08/25 14:59:20 | 00,000,084 | ---- | C] () -- C:\WINDOWS\EPSPRX595.ini

[2009/08/24 00:54:17 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\user\Application Data\wklnhst.dat

[2009/08/20 21:45:41 | 00,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/08/20 21:11:39 | 00,066,360 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/08/20 18:29:52 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/19 12:44:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/08/18 16:41:33 | 05,889,140 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db

[2009/08/18 15:36:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\user\Application Data\desktop.ini

[2009/08/18 11:12:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2009/03/03 12:18:04 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2009/01/05 15:44:10 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini

[2007/09/27 10:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2007/09/27 10:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2007/09/27 10:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2004/08/04 09:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2004/08/04 09:00:00 | 00,000,210 | ---- | C] () -- C:\WINDOWS\win.ini

[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/10/22 00:09:20 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data

[2009/09/09 19:09:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/10/18 00:25:27 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[2009/08/20 21:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore

[2009/10/26 13:49:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/08/25 15:25:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2009/09/18 00:57:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames

[2009/08/22 20:37:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2009/09/10 18:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/10/23 02:39:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\user\Application Data

[2009/09/10 18:46:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\acccore

[2009/09/10 18:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Aim

[2009/08/25 16:44:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ArcSoft

[2009/10/21 01:14:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG9

[2009/08/25 15:02:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech

[2009/08/24 00:54:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Template

[2009/08/22 20:32:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TomTom

[2009/09/10 18:46:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Viewpoint

[2009/08/18 16:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Desktop Search

[2009/08/21 00:15:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search

[2009/10/17 23:56:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinPatrol

[2009/10/26 13:55:06 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2009/10/24 21:17:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

[2004/08/04 09:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/10/26 13:49:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009/10/26 14:10:41 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1E20F045-CEB8-46D1-9DBB-4C4D3476B68E}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\system32\scecli.dll >

[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

< End of report >

Link to post
Share on other sites

OTL Extras logfile created on: 10/26/2009 7:07:08 PM - Run 1

OTL by OldTimer - Version 3.0.22.1 Folder = C:\Documents and Settings\user\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.17 Mb Total Physical Memory | 160.00 Mb Available Physical Memory | 15.65% Memory free

2.40 Gb Paging File | 1.30 Gb Available in Paging File | 53.99% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 40.68 Gb Free Space | 54.59% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HP_HOME

Current User Name: user

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"110:TCP" = 110:TCP:*:Enabled:svchost

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support

"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player

"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX595 Series Scanner Driver Update

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 15

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime

"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0

"{AC76BA86-7AD7-5464-3428-7E8A450000A7}" = Spelling Dictionaries For Adobe Reader Package

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver

"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD

"7-Zip" = 7-Zip 4.65

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AIM_6" = AIM 6

"All ATI Software" = ATI - Software Uninstall Utility

"AOL Instant Messenger" = AOL Instant Messenger

"ATI Display Driver" = ATI Display Driver

"AVG9Uninstall" = AVG 9.0

"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter

"CCleaner" = CCleaner (remove only)

"CNXT_AUDIO" = Conexant AC-Link Audio

"CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP

"EPSON Printer and Utilities" = EPSON Printer Software

"EPSON Scanner" = EPSON Scan

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Picasa 3" = Picasa 3

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TomTom HOME" = TomTom HOME 2.7.2.1825

"ViewpointMediaPlayer" = Viewpoint Media Player

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 10/21/2009 9:42:32 PM | Computer Name = HP_HOME | Source = Windows Search Service | ID = 3013

Description = The entry <C:\CONFIG.MSI\339B3.RBF> in the hash map cannot be updated.

Context:

Application, SystemIndex Catalog Details: A device attached to the system is not

functioning. (0x8007001f)

Error - 10/21/2009 9:42:37 PM | Computer Name = HP_HOME | Source = Windows Search Service | ID = 3013

Description = The entry <C:\CONFIG.MSI\339B1.RBS> in the hash map cannot be updated.

Context:

Application, SystemIndex Catalog Details: A device attached to the system is not

functioning. (0x8007001f)

Error - 10/22/2009 1:28:33 AM | Computer Name = HP_HOME | Source = Application Error | ID = 1000

Description = Faulting application cscript.exe, version 5.7.0.18066, faulting module

vbscript.dll, version 5.8.6001.18702, fault address 0x0000c4b2.

Error - 10/23/2009 5:23:45 PM | Computer Name = HP_HOME | Source = Windows Search Service | ID = 3013

Description = The entry <C:\DOCUMENTS AND SETTINGS\USER\MY DOCUMENTS\MY MUSIC\ITUNES\ITUNES

LIBRARY EXTRAS.ITDB-JOURNAL> in the hash map cannot be updated. Context: Application,

SystemIndex Catalog Details: A device attached to the system is not functioning.

(0x8007001f)

Error - 10/23/2009 9:49:00 PM | Computer Name = HP_HOME | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This operation returned because the timeout period expired.

Error - 10/24/2009 12:17:45 AM | Computer Name = HP_HOME | Source = Windows Search Service | ID = 3013

Description = The entry <C:\CMDCONS\SYSTEM32\NTDLL.DLL> in the hash map cannot be

updated. Context: Application, SystemIndex Catalog Details: A device attached to

the system is not functioning. (0x8007001f)

Error - 10/24/2009 12:17:45 AM | Computer Name = HP_HOME | Source = Windows Search Service | ID = 3013

Description = The entry <C:\CMDCONS\SYSTEM32\NTDLL.DLL> in the hash map cannot be

updated. Context: Application, SystemIndex Catalog Details: A device attached to

the system is not functioning. (0x8007001f)

Error - 10/24/2009 12:17:47 AM | Computer Name = HP_HOME | Source = Windows Search Service | ID = 3013

Description = The entry <C:\CMDCONS\SYSTEM32\SMSS.EXE> in the hash map cannot be

updated. Context: Application, SystemIndex Catalog Details: A device attached to

the system is not functioning. (0x8007001f)

Error - 10/24/2009 12:17:47 AM | Computer Name = HP_HOME | Source = Windows Search Service | ID = 3013

Description = The entry <C:\CMDCONS\SYSTEM32\SMSS.EXE> in the hash map cannot be

updated. Context: Application, SystemIndex Catalog Details: A device attached to

the system is not functioning. (0x8007001f)

Error - 10/24/2009 10:49:57 PM | Computer Name = HP_HOME | Source = Application Hang | ID = 1002

Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module

hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]

Error - 10/23/2009 11:01:24 AM | Computer Name = HP_HOME | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 192.168.100.10

on the Network Card with network address 0016D436A804.

Error - 10/23/2009 11:18:30 AM | Computer Name = HP_HOME | Source = Dhcp | ID = 1002

Description = The IP address lease 24.62.10.235 for the Network Card with network

address 0016D436A804 has been denied by the DHCP server 0.0.0.0 (The DHCP Server

sent a DHCPNACK message).

Error - 10/23/2009 11:20:07 AM | Computer Name = HP_HOME | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 192.168.100.10

on the Network Card with network address 0016D436A804.

Error - 10/23/2009 11:21:14 AM | Computer Name = HP_HOME | Source = Dhcp | ID = 1002

Description = The IP address lease 24.62.10.235 for the Network Card with network

address 0016D436A804 has been denied by the DHCP server 0.0.0.0 (The DHCP Server

sent a DHCPNACK message).

Error - 10/23/2009 11:22:53 AM | Computer Name = HP_HOME | Source = Dhcp | ID = 1000

Description = Your computer has lost the lease to its IP address 192.168.100.10

on the Network Card with network address 0016D436A804.

Error - 10/23/2009 8:56:25 PM | Computer Name = HP_HOME | Source = Service Control Manager | ID = 7031

Description = The Apple Mobile Device service terminated unexpectedly. It has done

this 1 time(s). The following corrective action will be taken in 60000 milliseconds:

Restart the service.

Error - 10/23/2009 8:56:29 PM | Computer Name = HP_HOME | Source = Service Control Manager | ID = 7034

Description = The iPod Service service terminated unexpectedly. It has done this

1 time(s).

Error - 10/25/2009 10:41:01 PM | Computer Name = HP_HOME | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

the WZCSVC service.

Error - 10/26/2009 1:50:33 PM | Computer Name = HP_HOME | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM

Service service to connect.

Error - 10/26/2009 1:50:33 PM | Computer Name = HP_HOME | Source = Service Control Manager | ID = 7000

Description = The IMAPI CD-Burning COM Service service failed to start due to the

following error: %%1053

< End of report >

Link to post
Share on other sites

Can you please give a detailed description of exactly what the problem you are having is?

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Link to post
Share on other sites

SystemLook v1.0 by jpshortstuff (29.08.09)

Log created at 01:55 on 28/10/2009 by user (Administrator - Elevation successful)

No Context: CODE

========== filefind ==========

Searching for "*atapi.sys*"

C:\WINDOWS\system32\dllcache\atapi.sys --a--c 96512 bytes [04:10 14/04/2008] [04:10 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

C:\WINDOWS\system32\drivers\atapi.sys --a--- 96512 bytes [04:10 14/04/2008] [04:10 14/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674

-=End Of File=-

Link to post
Share on other sites

Sorry, I have no idea where that came from. Here is the log that you requested.

GooredFix by jpshortstuff (24.09.09.1)

Log created at 23:55 on 29/10/2009 (user)

Firefox version 3.5.3 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:57 22/10/2009]

{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [04:47 31/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [04:47 31/08/2009]

"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [04:13 22/10/2009]

-=E.O.F=-

Link to post
Share on other sites

I want to get a new scan with OTL using a different custom scan.

Are you still experiecing redirects?

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions
    %SYSTEMDRIVE%\eventlog.dll /s /md5
    %SYSTEMDRIVE%\scecli.dll /s /md5
    %SYSTEMDRIVE%\netlogon.dll /s /md5
    %SYSTEMDRIVE%\cngaudit.dll /s /md5
    %SYSTEMDRIVE%\sceclt.dll /s /md5
    %SYSTEMDRIVE%\ntelogon.dll /s /md5
    %SYSTEMDRIVE%\logevent.dll /s /md5
    %SYSTEMDRIVE%\iaStor.sys /s /md5
    %SYSTEMDRIVE%\nvstor.sys /s /md5
    %SYSTEMDRIVE%\atapi.sys /s /md5
    %SYSTEMDRIVE%\IdeChnDr.sys /s /md5
    %SYSTEMDRIVE%\viasraid.sys /s /md5
    %SYSTEMDRIVE%\AGP440.sys /s /md5
    %SYSTEMDRIVE%\vaxscsi.sys /s /md5

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Link to post
Share on other sites

I do not seem to be experiencing redirects anymore. Here is my OTL log. It did not give me any documents called "extras".

OTL logfile created on: 10/31/2009 7:01:46 PM - Run 2

OTL by OldTimer - Version 3.1.1.8 Folder = C:\Documents and Settings\user\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.17 Mb Total Physical Memory | 57.08 Mb Available Physical Memory | 5.58% Memory free

2.40 Gb Paging File | 1.29 Gb Available in Paging File | 53.85% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 40.57 Gb Free Space | 54.43% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: HP_HOME

Current User Name: user

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)

PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)

PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)

PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)

SRV - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SRV - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)

SRV - c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)

SRV - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)

SRV - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)

SRV - c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)

SRV - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

SRV - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

SRV - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)

SRV - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)

DRV - C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - C:\WINDOWS\system32\drivers\amdide1.sys (Advanced Micro Devices)

DRV - C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )

DRV - C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - C:\WINDOWS\system32\ZoneLabs\srescan.sys (Check Point Software Technologies LTD)

DRV - C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)

DRV - C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)

DRV - C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)

DRV - C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)

DRV - C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)

DRV - C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)

DRV - C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)

DRV - C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)

DRV - C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)

DRV - C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)

DRV - C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)

DRV - C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

DRV - C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\user\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE A8 46 D3 44 20 CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.696

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/10/22 10:06:58 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/30 01:18:59 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/31 02:12:07 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/29 23:56:16 | 00,000,000 | ---D | M]

[2009/10/21 21:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7ifs05aj.default\extensions

[2009/08/22 20:32:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\[email protected]

[2009/10/21 21:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/10/21 21:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2009/10/21 21:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions

[2009/10/21 21:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/08/22 20:32:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\[email protected]

[2009/10/21 21:58:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\7ifs05aj.default\extensions

[2009/10/30 01:20:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2009/10/29 23:56:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/10/30 01:48:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/10/30 01:48:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/10/29 23:56:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/10/30 01:20:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2009/10/29 23:56:06 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2009/10/29 23:56:06 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2009/10/30 01:18:59 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll

[2009/07/07 17:20:42 | 00,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll

[2009/07/07 17:20:42 | 00,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

[2009/10/29 23:56:10 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2009/10/18 00:27:26 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2007/04/16 13:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

[2009/09/23 16:36:40 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll

[2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (698 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)

O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe File not found

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1250625402593 (WUWebControl Class)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/08/18 15:23:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/08/18 15:22:54 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

MsConfig - StartUpReg: EPSON Stylus Photo RX595 Series - hkey= - key= - File not found

MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe File not found

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vga.sys - Driver

SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -

ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2009/10/31 18:53:12 | 00,528,384 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2009/10/30 01:47:43 | 00,000,000 | -HSD | C] -- C:\RECYCLER

[2009/10/30 01:46:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp

[2009/10/30 01:37:06 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/10/30 01:37:06 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/10/30 01:37:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/10/30 01:37:06 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/10/30 01:19:53 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/10/30 01:19:44 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/10/30 01:19:44 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/10/30 01:19:44 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/10/29 15:03:33 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\user\Recent

[2009/10/28 02:53:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2009/10/28 02:45:23 | 00,000,000 | ---D | C] -- C:\Program Files\NOS

[2009/10/28 02:45:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2009/10/28 00:36:17 | 00,093,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2009/10/23 17:36:26 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/10/22 00:14:16 | 00,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/10/22 00:14:15 | 00,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/10/22 00:14:15 | 00,161,800 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2009/10/22 00:14:05 | 00,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/10/22 00:14:04 | 00,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/10/22 00:13:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg

[2009/10/21 22:06:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes

[2009/10/21 22:06:09 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/10/21 22:06:07 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/10/21 22:06:07 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/10/21 22:06:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/10/21 19:16:12 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/10/21 18:11:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/10/21 01:14:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\AVG9

[2009/10/21 00:59:59 | 00,000,000 | ---D | C] -- C:\$AVG

[2009/10/21 00:58:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/10/21 00:57:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel

[2009/10/19 23:08:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2009/10/18 01:44:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2009/10/18 00:35:11 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2009/10/18 00:30:54 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys

[2009/10/18 00:25:12 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[2009/10/18 00:22:00 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft

[2009/10/18 00:22:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft

[2009/10/17 23:56:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\WinPatrol

[2009/10/10 14:56:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2009/10/04 16:40:44 | 00,049,904 | R--- | C] (Avanquest Software) -- C:\WINDOWS\System32\drivers\BVRPMPR5.SYS

[2009/10/04 16:39:51 | 00,000,000 | ---D | C] -- C:\Netgear

========== Files - Modified Within 30 Days ==========

[2009/10/31 18:53:13 | 00,528,384 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe

[2009/10/31 18:49:50 | 44,519,940 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/10/31 18:49:19 | 00,068,428 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/10/31 17:25:08 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\prvlcl.dat

[2009/10/31 13:30:43 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1E20F045-CEB8-46D1-9DBB-4C4D3476B68E}.job

[2009/10/30 01:54:31 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk

[2009/10/30 01:46:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/10/30 01:44:14 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/10/30 01:32:53 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/10/30 01:30:51 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2009/10/30 01:30:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/10/30 01:30:12 | 10,718,94528 | -HS- | M] () -- C:\hiberfil.sys

[2009/10/30 01:28:27 | 02,883,584 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT

[2009/10/30 01:28:27 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini

[2009/10/30 01:18:58 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll

[2009/10/30 01:18:58 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2009/10/30 01:18:58 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2009/10/30 01:18:58 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2009/10/30 01:18:58 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2009/10/28 23:43:19 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/10/28 02:07:32 | 00,442,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/10/28 02:07:32 | 00,072,248 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/10/28 00:35:44 | 00,093,360 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys

[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe

[2009/10/24 21:17:05 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2009/10/22 19:29:54 | 00,000,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2009/10/22 09:54:50 | 00,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

[2009/10/22 09:54:47 | 00,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys

[2009/10/22 09:54:10 | 00,161,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys

[2009/10/22 00:14:16 | 00,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll

[2009/10/22 00:14:05 | 00,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys

[2009/10/22 00:14:04 | 00,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/10/22 00:13:52 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/10/22 00:13:52 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/10/21 21:57:52 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/10/21 19:16:27 | 00,000,281 | RHS- | M] () -- C:\boot.ini

[2009/10/21 02:47:49 | 00,052,356 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/10/20 14:04:30 | 00,253,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/10/19 22:01:49 | 00,066,360 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009/10/10 22:24:58 | 00,551,034 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/10/08 14:57:02 | 00,611,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\uiautomationcore.dll

[2009/10/08 14:57:00 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleacc.dll

[2009/10/08 14:57:00 | 00,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleacc.dll

[2009/10/08 14:56:56 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaccrc.dll

[2009/10/08 14:56:56 | 00,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaccrc.dll

[2009/10/03 03:12:10 | 00,000,210 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/10/02 14:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

[2009/10/02 00:44:07 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll

========== Files Created - No Company Name ==========

[2009/10/30 01:37:06 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/10/30 01:37:06 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/10/30 01:37:06 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/10/30 01:37:06 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2009/10/30 01:37:06 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/10/23 18:35:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\prvlcl.dat

[2009/10/22 00:14:04 | 00,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm

[2009/10/22 00:13:52 | 44,519,940 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2009/10/22 00:13:52 | 00,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg

[2009/10/22 00:13:52 | 00,068,428 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg

[2009/10/22 00:13:51 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg

[2009/10/21 21:57:52 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2009/10/18 00:33:24 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

[2009/09/10 15:19:20 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini

[2009/08/25 15:22:10 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2009/08/25 14:59:20 | 00,000,084 | ---- | C] () -- C:\WINDOWS\EPSPRX595.ini

[2009/08/24 00:54:17 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\user\Application Data\wklnhst.dat

[2009/08/20 21:45:41 | 00,028,510 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2009/08/20 21:11:39 | 00,066,360 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2009/08/20 18:29:52 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/19 12:44:39 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2009/08/18 16:41:33 | 05,889,140 | -H-- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\IconCache.db

[2009/08/18 15:36:22 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\user\Application Data\desktop.ini

[2009/08/18 11:12:05 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

[2009/03/03 12:18:04 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont

[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont

[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

[2004/08/04 09:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

[2004/08/04 09:00:00 | 00,000,210 | ---- | C] () -- C:\WINDOWS\win.ini

[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/08/20 21:36:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore

[2009/10/26 13:49:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9

[2009/08/25 15:25:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON

[2009/09/18 00:57:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SonyPicturesGames

[2009/08/22 20:37:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

[2009/09/10 18:21:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2009/09/09 19:09:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/10/18 00:25:27 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}

[2009/09/10 18:46:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\acccore

[2009/09/10 18:22:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Aim

[2009/08/25 16:44:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\ArcSoft

[2009/10/21 01:14:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\AVG9

[2009/08/25 15:02:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech

[2009/08/24 00:54:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Template

[2009/08/22 20:32:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\TomTom

[2009/09/10 18:46:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Viewpoint

[2009/08/21 00:15:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Windows Search

[2009/10/17 23:56:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\WinPatrol

[2009/10/30 01:32:53 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

[2004/08/04 09:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini

[2009/10/30 01:46:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

[2009/10/31 13:30:43 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1E20F045-CEB8-46D1-9DBB-4C4D3476B68E}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions >

"{3f963a5b-e555-4543-90e2-c3908898db71}" = C:\Program Files\AVG\AVG9\Firefox -- [2009/10/22 10:06:58 | 00,000,000 | ---D | M]

"[email protected]" = C:\Program Files\Java\jre6\lib\deploy\jqs\ff -- [2009/10/30 01:18:59 | 00,000,000 | ---D | M]

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2008/04/14 05:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

[2008/04/14 05:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2008/04/14 05:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

[2008/04/14 00:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< End of report >

Link to post
Share on other sites

Sorry for the delay, I had internet problems over the weekend.

The logs are looking better.

1) TFC

Download TFC to your desktop

  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

2) Malwarebytes

mbamicontw5.gif Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

3) JavaRa

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

4) Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  • Spyware, adware, dialers, and other riskware
  • Archives
  • E-mail databases

[*]Click on My Computer under the green Scan bar to the left to start the scan. [*]Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. [*]Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. [*]Click View report... at the bottom.

[*] Click the Save report... button.

KasReport.png

[*] Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

In your reply I would like to see copied and pasted,

1) Malwarebytes log

2) Kaspersky scan

Link to post
Share on other sites

Malwarebytes' Anti-Malware 1.41

Database version: 3045

Windows 5.1.2600 Service Pack 3

10/29/2009 5:09:13 AM

mbam-log-2009-10-29 (05-09-13).txt

Scan type: Full Scan (C:\|)

Objects scanned: 151658

Time elapsed: 4 hour(s), 39 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Tuesday, November 3, 2009

Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Tuesday, November 03, 2009 08:43:47

Records in database: 3117375

Scan settings

scan using the following database extended

Scan archives Error Resource :getAppletResource('kosp.report.true')

Error Resource :getAppletResource('kosp.report.scan_mail') Error Resource :getAppletResource('kosp.report.true')

Error Resource :getAppletResource('kosp.report.scan_target') Critical areas

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

C:\Documents and Settings\user\Start Menu\Programs\Startup

C:\Program Files

C:\WINDOWS

Error Resource :getAppletResource('kosp.report.statistics')

Error Resource :getAppletResource('kosp.report.stat.total') 30996

Error Resource :getAppletResource('kosp.report.stat.bodys') 0

Error Resource :getAppletResource('kosp.report.stat.infe') 0

Error Resource :getAppletResource('kosp.report.stat.susp') 0

Error Resource :getAppletResource('kosp.report.stat.time') 01:07:24

Error Resource :getAppletResource('kosp.report.no_malware')

Error Resource :getAppletResource('kosp.report.scan_complete')

I'm starting to wonder if this lag time is due to my new wireless router that I got a few weeks ago. I have the cheapest (and slowest) netgear router. But, it seemed like Mozilla was working fine for at least a week and a half until it started slowing.

Link to post
Share on other sites

Looks like the Kaspersky scan had an error.

Lets try this one.

Please download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install it to your desktop folder. Click Next.
  • Hit ok at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.


  • System Memory

  • Startup Objects

  • Disk Boot Sectors.

  • My Computer.

  • Also any other drives (Removable that you may have)

After that click on Security level then choose Customize, click on the tab that says Heuristic Analyzer then choose Enable Deep rootkit search then ok. Choose OK again to go back to the main screen.

  • Click on Scan at the top right hand Corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all
  • If it says it cannot be Neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it as Kas to the desktop
  • Post only the detected Virus\malware in the report, it will be at the very top under Detected

Note: This tool will self uninstall when you close it so please remember to save the log before closing it.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.