> [Closed] basline
CatByte
post Jul 4 2009, 03:56 PM
Post #16


Classroom Administrator Assistant

Group: Classroom Teacher
Posts: 6,927
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



[attachment=4444:CFScript.txt]

Save this attachment to your desktop


then do the following:


Press the Windows Key + R > a run box will open:

Copy/Paste the following into the run box

"%userprofile%\desktop\combofix.exe" "%userprofile%\Desktop\CFscript.txt"


Press OK
maco
post Jul 5 2009, 12:06 AM
Post #17


Authentic Member

Group: Authentic Member
Posts: 34
Joined: 29-June 09
Member No.: 86,465
Operating System: windows vista



Hello Doug. I copied and pasted the % thing and ran it as instructed, but got another ComboFix scan. Is that what should have happened? I know it must be frustrating dealing with a novice.

ComboFix 09-07-04.04 - bob 2009-07-05 6:44.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2036.1184 [GMT 1:00]
Running from: c:\users\bob\Desktop\combofix.exe
Command switches used :: c:\users\bob\Desktop\CFscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-06-05 to 2009-07-05 )))))))))))))))))))))))))))))))
.

2009-07-05 05:50 . 2009-07-05 05:51 -------- d-----w- c:\users\bob\AppData\Local\temp
2009-07-04 21:41 . 2009-07-04 21:42 -------- d-----w- c:\windows\$regcmp$
2009-07-01 08:39 . 2009-07-01 08:39 -------- d-----w- c:\users\bob\AppData\Roaming\iExpert Software
2009-07-01 08:39 . 2009-07-01 08:48 -------- d-----w- c:\program files\Registry Clean Expert
2009-06-29 07:06 . 2009-06-30 06:19 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-06-19 07:59 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-19 07:59 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-19 07:59 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-19 07:53 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-19 07:51 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-15 06:27 . 2009-06-15 06:27 -------- d-----w- c:\users\bob\AppData\Roaming\SuperAdBlocker.com
2009-06-15 06:26 . 2009-06-15 06:26 -------- d-----w- c:\windows\system32\URTTemp
2009-06-13 15:46 . 2009-06-13 15:46 -------- d-----w- c:\program files\DVD Decrypter
2009-06-13 12:14 . 2009-06-13 12:14 -------- d-----w- c:\program files\DVD Shrink(0)
2009-06-11 20:33 . 2009-06-11 20:33 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-06-11 07:01 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-11 07:01 . 2009-04-03 10:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-11 07:01 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-11 07:01 . 2009-06-11 07:03 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-11 07:01 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-11 07:01 . 2009-07-04 21:40 -------- d-----w- c:\program files\Spyware Doctor
2009-06-11 07:01 . 2009-06-11 07:01 -------- d-----w- c:\users\bob\AppData\Roaming\PC Tools
2009-06-11 07:01 . 2009-06-11 07:01 -------- d-----w- c:\programdata\PC Tools
2009-06-07 08:33 . 2009-06-09 09:38 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 08:08 . 2008-10-30 19:03 -------- d-----w- c:\program files\SpywareBlaster
2009-07-01 08:35 . 2009-04-21 17:13 -------- d-----w- c:\program files\Auslogics
2009-06-20 16:10 . 2008-08-30 19:42 -------- d-----w- c:\programdata\DVD Shrink
2009-06-20 16:08 . 2008-12-31 16:27 -------- d-----w- c:\users\bob\AppData\Roaming\dvdcss
2009-06-18 18:52 . 2008-08-31 02:53 -------- d-----w- c:\users\bob\AppData\Roaming\wsInspector
2009-06-18 07:40 . 2009-05-18 06:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-18 06:39 . 2009-03-25 06:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 06:38 . 2009-04-24 07:04 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 10:27 . 2009-03-25 06:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 10:27 . 2009-03-25 06:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 07:35 . 2008-12-31 16:26 -------- d-----w- c:\users\bob\AppData\Roaming\vlc
2009-06-14 07:35 . 2008-08-30 19:42 -------- d-----w- c:\program files\DVD Shrink
2009-06-12 08:33 . 2009-05-18 06:12 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-07 08:36 . 2009-05-04 17:19 -------- d-----w- c:\programdata\Yahoo! Companion
2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-05-22 06:11 . 2009-03-09 18:08 -------- d-----w- c:\program files\McAfee
2009-05-21 15:36 . 2009-05-21 15:35 16742799 ----a-w- c:\programdata\vlc-0.9.9-win32.exe
2009-05-21 15:36 . 2009-05-21 15:35 16742799 ----a-w- c:\programdata\vlc-0.9.9-win32.exe
2009-05-18 06:12 . 2009-05-18 06:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-18 06:12 . 2009-05-18 06:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-18 06:12 . 2008-11-06 18:09 -------- d-----w- c:\programdata\Avg8
2009-04-10 11:07 . 2008-08-29 07:49 1356 ----a-w- c:\users\bob\AppData\Local\d3d9caps.dat
2009-04-08 17:29 . 2009-04-08 17:27 131072 ----a-w- c:\windows\system32\datestamp.dll
2009-04-08 17:27 . 2009-04-08 17:27 45056 ----a-r- c:\users\bob\AppData\Roaming\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-06-12 2952128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-06-17 1181576]
"BTModemProtection"="BTModemProtection.lnk" - c:\windows\System32\BTModemProtection.lnk [2009-01-18 1657]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2052876018-1554197128-2134586999-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0602B06A-6372-499D-BEF4-6AC06F88A6BF}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{8106E98A-F4C7-4D90-B936-92FA5B5B72C8}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{A4A1EBA0-675B-431D-A8B2-CB48EB57D8DD}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2009-06-11 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-05-18 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-05-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-05-18 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-18 298776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-03-09 210216]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-06-11 348752]
R3 ModemProtection;ModemProtection;c:\windows\System32\ModemProtection.sys [2005-05-15 13157]
S4 FQXPEFL;FQXPEFL;c:\users\bob\AppData\Local\Temp\FQXPEFL.exe --> c:\users\bob\AppData\Local\Temp\FQXPEFL.exe [?]
S4 HFJCDPT;HFJCDPT;c:\users\bob\AppData\Local\Temp\HFJCDPT.exe --> c:\users\bob\AppData\Local\Temp\HFJCDPT.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\pw03ouua.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=1665&gct=&gc=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-05 06:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3028)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\SlySoft\AnyDVD\ADvdDiscHlp.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-07-05 6:53
ComboFix-quarantined-files.txt 2009-07-05 05:53
ComboFix2.txt 2009-07-04 08:14

Pre-Run: 132,778,205,184 bytes free
Post-Run: 132,740,833,280 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
135 --- E O F --- 2009-06-27 07:09
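The ComboFix log posted above lists two S4 services (FQXPEFL and HFJCDPT) whose image is under the user's Temp folder and carries ComboFix's `[?]` marker, alongside `EnableLUA = 0` under the system policies key. As an added example (not code from the thread, from ComboFix or from the helper), here is a small Python triage script that parses the Reg Loading Points section of a ComboFix log and flags exactly those patterns; the embedded log excerpt is constructed from the entries posted in the thread, and the reading of `[?]` as "ComboFix could not read a date/size for the file" is an assumption.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt in ComboFix's "Reg Loading Points" layout, modelled on
# the entries posted in this thread (not a verbatim copy of the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2009-06-11 130936]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-18 298776]
R3 ModemProtection;ModemProtection;c:\windows\System32\ModemProtection.sys [2005-05-15 13157]
S4 FQXPEFL;FQXPEFL;c:\users\bob\AppData\Local\Temp\FQXPEFL.exe --> c:\users\bob\AppData\Local\Temp\FQXPEFL.exe [?]
S4 HFJCDPT;HFJCDPT;c:\users\bob\AppData\Local\Temp\HFJCDPT.exe --> c:\users\bob\AppData\Local\Temp\HFJCDPT.exe [?]
"""

# Service line: "<R|S><n> <name>;<display>;<image path> [<date> <size>]"
# or, for an image ComboFix could not read, "... <path> --> <path> [?]".
SERVICE_RE = re.compile(
    r'^(?P<start>[RS])(?P<num>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<rest>.*?)\s+\[(?P<stamp>[^\]]*)\]$'
)
# Registry value line inside a [KEY] block: "Name"= data ...
VALUE_RE = re.compile(r'^"(?P<value>[^"]+)"=\s*(?P<data>\S+)')
POLICY_KEY_SUFFIX = r'\policies\system'


@dataclass
class Finding:
    kind: str                 # "service" or "policy"
    subject: str              # service name or registry value name
    detail: str               # image path, or the value's data
    reasons: list = field(default_factory=list)


def triage_service(match):
    """Return a Finding for a service line that shows a strong indicator, else None."""
    name, display = match.group('name'), match.group('display')
    # On "a --> b [?]" lines the part before the arrow is the registered image path.
    image = match.group('rest').split(' --> ')[0].strip()
    strong, notes = [], []
    if match.group('stamp').strip() == '?':
        # Assumption: [?] means ComboFix could not read a date/size, i.e. the file is absent.
        strong.append('[?] marker: no date/size readable, file probably absent')
    if '\\temp\\' in image.lower():
        strong.append('image path under a Temp directory')
    if display == name:
        # Only reported alongside a strong indicator; many legitimate services match too.
        notes.append('display name identical to service name')
    if not strong:
        return None
    return Finding('service', name, image, strong + notes)


def triage(log_text):
    """Scan a ComboFix log and return the entries worth a second look."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            current_key = line[1:-1].lower()      # remember the enclosing registry key
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            finding = triage_service(svc)
            if finding:
                findings.append(finding)
            continue
        val = VALUE_RE.match(line)
        if val and current_key and current_key.endswith(POLICY_KEY_SUFFIX):
            if val.group('value').lower() == 'enablelua' and val.group('data') == '0':
                findings.append(Finding('policy', 'EnableLUA', val.group('data'),
                                        ['UAC is disabled (EnableLUA = 0)']))
    return findings


def report(findings):
    """Render findings as indented text, one reason per line."""
    lines = []
    for f in findings:
        lines.append(f'{f.kind:7} {f.subject}: {f.detail}')
        for r in f.reasons:
            lines.append(f'        - {r}')
    return '\n'.join(lines)


if __name__ == '__main__':
    print(report(triage(SAMPLE_LOG)))
```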
CatByte
post Jul 5 2009, 06:54 AM
Post #18





Hi,

You're doing fine. We need to do that again, but we'll try it a different way.

I have attached a zipped file called Ditto.zip

[attachment=4445:ditto.zip]

Please disable all your Security programs.

Save ditto.zip to your desktop

Double click on Ditto.zip to extract the files

You will now see two new files - one called CFScript, the other called ditto.bat which has an icon like this

Please just double click the ditto.bat icon, which will start ComboFix.

Post the resulting log.


~CB
maco
post Jul 6 2009, 02:04 AM
Post #19





Hello Doug. Is this OK?
bob.

ComboFix 09-07-05.03 - bob 2009-07-06 8:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2036.1063 [GMT 1:00]
Running from: c:\users\bob\Desktop\ComboFix.exe
Command switches used :: c:\users\bob\desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-06-06 to 2009-07-06 )))))))))))))))))))))))))))))))
.

2009-07-06 07:59 . 2009-07-06 08:00 -------- d-----w- c:\users\bob\AppData\Local\temp
2009-07-05 06:54 . 2009-07-05 06:54 -------- d-----w- C:\perflogs
2009-07-05 06:47 . 2009-07-05 06:49 -------- d-----w- c:\users\bob\AppData\Roaming\GetRightToGo
2009-07-04 21:41 . 2009-07-04 21:42 -------- d-----w- c:\windows\$regcmp$
2009-07-01 08:39 . 2009-07-01 08:39 -------- d-----w- c:\users\bob\AppData\Roaming\iExpert Software
2009-07-01 08:39 . 2009-07-01 08:48 -------- d-----w- c:\program files\Registry Clean Expert
2009-06-29 07:06 . 2009-06-30 06:19 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-06-19 07:59 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-19 07:59 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-19 07:59 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-19 07:53 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-19 07:51 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-06-15 06:27 . 2009-06-15 06:27 -------- d-----w- c:\users\bob\AppData\Roaming\SuperAdBlocker.com
2009-06-15 06:26 . 2009-06-15 06:26 -------- d-----w- c:\windows\system32\URTTemp
2009-06-13 15:46 . 2009-06-13 15:46 -------- d-----w- c:\program files\DVD Decrypter
2009-06-13 12:14 . 2009-06-13 12:14 -------- d-----w- c:\program files\DVD Shrink(0)
2009-06-11 20:33 . 2009-06-11 20:33 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-06-11 07:01 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-11 07:01 . 2009-04-03 10:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-11 07:01 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-11 07:01 . 2009-06-11 07:03 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-11 07:01 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-11 07:01 . 2009-07-04 21:40 -------- d-----w- c:\program files\Spyware Doctor
2009-06-11 07:01 . 2009-06-11 07:01 -------- d-----w- c:\users\bob\AppData\Roaming\PC Tools
2009-06-11 07:01 . 2009-06-11 07:01 -------- d-----w- c:\programdata\PC Tools
2009-06-07 08:33 . 2009-06-09 09:38 -------- d-----w- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 08:08 . 2008-10-30 19:03 -------- d-----w- c:\program files\SpywareBlaster
2009-07-01 08:35 . 2009-04-21 17:13 -------- d-----w- c:\program files\Auslogics
2009-06-20 16:10 . 2008-08-30 19:42 -------- d-----w- c:\programdata\DVD Shrink
2009-06-20 16:08 . 2008-12-31 16:27 -------- d-----w- c:\users\bob\AppData\Roaming\dvdcss
2009-06-18 18:52 . 2008-08-31 02:53 -------- d-----w- c:\users\bob\AppData\Roaming\wsInspector
2009-06-18 07:40 . 2009-05-18 06:12 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-18 06:39 . 2009-03-25 06:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 06:38 . 2009-04-24 07:04 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-17 10:27 . 2009-03-25 06:57 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 10:27 . 2009-03-25 06:57 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 07:35 . 2008-12-31 16:26 -------- d-----w- c:\users\bob\AppData\Roaming\vlc
2009-06-14 07:35 . 2008-08-30 19:42 -------- d-----w- c:\program files\DVD Shrink
2009-06-12 08:33 . 2009-05-18 06:12 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-07 08:36 . 2009-05-04 17:19 -------- d-----w- c:\programdata\Yahoo! Companion
2009-05-25 12:01 . 2009-05-25 12:01 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2009-05-22 06:11 . 2009-03-09 18:08 -------- d-----w- c:\program files\McAfee
2009-05-21 15:36 . 2009-05-21 15:35 16742799 ----a-w- c:\programdata\vlc-0.9.9-win32.exe
2009-05-21 15:36 . 2009-05-21 15:35 16742799 ----a-w- c:\programdata\vlc-0.9.9-win32.exe
2009-05-18 06:12 . 2009-05-18 06:12 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-18 06:12 . 2009-05-18 06:12 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-18 06:12 . 2008-11-06 18:09 -------- d-----w- c:\programdata\Avg8
2009-04-10 11:07 . 2008-08-29 07:49 1356 ----a-w- c:\users\bob\AppData\Local\d3d9caps.dat
2009-04-08 17:29 . 2009-04-08 17:27 131072 ----a-w- c:\windows\system32\datestamp.dll
2009-04-08 17:27 . 2009-04-08 17:27 45056 ----a-r- c:\users\bob\AppData\Roaming\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-06-12 2952128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-06-17 1181576]
"BTModemProtection"="BTModemProtection.lnk" - c:\windows\System32\BTModemProtection.lnk [2009-01-18 1657]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2052876018-1554197128-2134586999-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0602B06A-6372-499D-BEF4-6AC06F88A6BF}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{8106E98A-F4C7-4D90-B936-92FA5B5B72C8}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{A4A1EBA0-675B-431D-A8B2-CB48EB57D8DD}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [2009-06-11 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-05-18 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-05-18 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-05-18 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-05-18 298776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-03-09 210216]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-06-11 348752]
R3 ModemProtection;ModemProtection;c:\windows\System32\ModemProtection.sys [2005-05-15 13157]
S4 FQXPEFL;FQXPEFL;c:\users\bob\AppData\Local\Temp\FQXPEFL.exe --> c:\users\bob\AppData\Local\Temp\FQXPEFL.exe [?]
S4 HFJCDPT;HFJCDPT;c:\users\bob\AppData\Local\Temp\HFJCDPT.exe --> c:\users\bob\AppData\Local\Temp\HFJCDPT.exe [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\pw03ouua.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=1665&gct=&gc=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-06 08:59
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
CatByte
post Jul 6 2009, 05:52 AM
Post #20





Hi,

Please do the following:

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.

It's normal after running TFC cleaner that the PC will be slower to boot the first time.

NEXT
  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT

**Vista users - right click on the IE icon and run as administrator

Run an on-line scan with Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan

3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply



In your next reply please include
  • MBAM Log
  • Kaspersky report


Thanks
~CB
maco
post Jul 6 2009, 02:10 PM
Post #21





Hello Doug. Ran TFC, 39.4 MB removed. Malwarebytes reported no malicious items found. Also ran Spyware Doctor: Application.NirCmd and Trojan.Generic gone.
Kaspersky online scan: critical areas, all items 0.
My Computer: all items 0. As the scan reported 0, I could not get a report log.
CatByte
post Jul 6 2009, 02:43 PM
Post #22





Hi,

Please run this program so I can be certain you are clean then we can clean up all the tools used.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.



Thanks
~CB
maco
post Jul 6 2009, 04:28 PM
Post #23





Hello Doug. Here is the report log.
OTL logfile created on: 2009-07-06 23:19:25 - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Users\bob\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: yyyy-MM-dd

1.99 Gb Total Physical Memory | 1.12 Gb Available Physical Memory | 56.18% Memory free
4.00 Gb Paging File | 3.16 Gb Available in Paging File | 78.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.95 Gb Total Space | 122.74 Gb Free Space | 88.33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BOB-PC
Current User Name: bob
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008-10-29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009-05-18 07:12:01 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009-02-11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2009-01-07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009-06-07 22:55:16 | 01,096,584 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009-05-18 07:12:02 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009-05-18 07:12:02 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009-06-17 07:48:08 | 01,181,576 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009-06-18 08:40:35 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009-05-18 07:12:02 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2005-05-15 16:52:02 | 00,397,312 | ---- | M] () -- C:\Windows\System32\BTModemProtection.exe
PRC - [2009-06-12 17:23:10 | 02,952,128 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
PRC - [2008-01-21 03:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008-01-21 03:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009-03-03 03:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2009-04-24 05:38:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009-07-06 23:18:00 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\bob\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009-06-18 08:40:35 | 00,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009-05-18 07:12:01 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008-07-27 19:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008-01-21 03:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [Disabled | Stopped])
SRV - [2006-11-02 13:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [Disabled | Stopped])
SRV - [2006-11-02 13:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Disabled | Stopped])
SRV - [2008-01-21 03:23:49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008-06-20 02:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - File not found -- -- (FQXPEFL [Disabled | Stopped])
SRV - File not found -- -- (HFJCDPT [Disabled | Stopped])
SRV - [2008-06-20 02:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009-02-11 11:06:36 | 00,210,216 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2008-06-20 02:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009-01-07 12:40:56 | 00,348,752 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService [Auto | Running])
SRV - [2009-06-07 22:55:16 | 01,096,584 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService [Auto | Running])
SRV - [2008-01-21 03:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Disabled | Stopped])
SRV - [2008-01-21 03:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008-01-21 03:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2008-01-21 03:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2008-01-21 03:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2008-01-21 03:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006-11-02 10:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2008-01-21 03:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2009-06-11 21:33:40 | 00,104,512 | ---- | M] (SlySoft, Inc.) -- C:\Windows\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2008-01-21 03:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2008-01-21 03:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009-06-12 09:33:31 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009-06-18 08:40:37 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009-05-18 07:12:15 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006-11-02 09:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006-11-02 09:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006-11-02 09:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006-11-02 09:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006-11-02 09:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006-11-02 09:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2008-01-21 03:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2008-01-21 03:23:25 | 00,220,672 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\e1e6032.sys -- (e1express [On_Demand | Running])
DRV - [2008-01-21 03:23:24 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2009-02-17 18:11:30 | 00,024,232 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2008-01-21 03:23:22 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008-01-21 03:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008-01-21 03:23:23 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2008-02-12 03:36:10 | 02,302,976 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006-11-02 10:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006-11-02 10:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006-11-02 10:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2008-01-21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2008-01-21 03:23:25 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2008-01-21 03:23:23 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2008-01-21 03:23:27 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2008-01-21 03:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR [Disabled | Stopped])
DRV - [2005-05-15 16:52:54 | 00,013,157 | ---- | M] () -- C:\Windows\System32\ModemProtection.sys -- (ModemProtection [On_Demand | Running])
DRV - [2006-11-02 10:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2006-11-02 10:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006-11-02 08:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008-01-21 03:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2008-01-21 03:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2009-04-03 11:18:26 | 00,130,936 | ---- | M] (PC Tools) -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore [Boot | Running])
DRV - [2008-01-21 03:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006-11-02 10:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2006-11-02 07:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2008-01-21 03:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006-11-02 10:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006-11-02 10:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006-11-02 10:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2008-01-21 03:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006-11-02 10:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2008-01-21 03:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008-01-21 03:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2008-01-21 03:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.selectedEngine: "Ask"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/firefox"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=1665&gct=&gc=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009-06-18 08:43:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009-06-25 08:04:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009-06-27 08:09:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-07-06 23:04:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-07-06 23:04:58 | 00,000,000 | ---D | M]

[2009-06-14 09:35:10 | 00,000,000 | ---D | M] -- C:\Users\bob\AppData\Roaming\mozilla\Extensions
[2009-06-14 09:35:10 | 00,000,000 | ---D | M] -- C:\Users\bob\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-07-06 19:09:21 | 00,000,000 | ---D | M] -- C:\Users\bob\AppData\Roaming\mozilla\Firefox\Profiles\pw03ouua.default\extensions
[2009-06-28 03:24:31 | 00,000,000 | ---D | M] -- C:\Users\bob\AppData\Roaming\mozilla\Firefox\Profiles\pw03ouua.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-06-15 07:14:50 | 00,000,000 | ---D | M] -- C:\Users\bob\AppData\Roaming\mozilla\Firefox\Profiles\pw03ouua.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009-06-15 20:46:45 | 00,000,000 | ---D | M] -- C:\Users\bob\AppData\Roaming\mozilla\Firefox\Profiles\pw03ouua.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-06-24 10:37:54 | 00,000,680 | ---- | M] () -- C:\Users\bob\AppData\Roaming\Mozilla\FireFox\Profiles\pw03ouua.default\searchplugins\ask.xml
[2009-07-06 23:07:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009-06-15 20:43:38 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009-07-06 22:33:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009-04-24 05:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009-04-24 05:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009-07-06 19:04:38 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009-04-24 05:38:33 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009-04-24 01:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009-04-24 01:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009-04-24 01:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009-04-24 01:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009-04-24 01:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009-04-24 01:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009-04-24 01:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (287265 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 9902 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O4 - HKLM..\Run: [BTModemProtection] C:\Windows\System32\BTModemProtection.lnk ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009-07-06 23:17:58 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\bob\Desktop\OTL.exe
[2009-07-06 23:09:58 | 00,000,000 | ---D | C] -- C:\Windows\$regcmp$
[2009-07-06 19:06:15 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009-07-06 19:05:01 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009-07-06 09:02:42 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Local\temp
[2009-07-06 09:01:25 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009-07-06 08:51:33 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009-07-05 07:54:21 | 00,000,000 | ---D | C] -- C:\perflogs
[2009-07-05 07:47:55 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Roaming\GetRightToGo
[2009-07-04 22:10:15 | 03,045,754 | R--- | C] () -- C:\Users\bob\Desktop\ComboFix.exe
[2009-07-04 09:04:16 | 00,155,136 | ---- | C] () -- C:\Windows\PEV.exe
[2009-07-04 09:04:15 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009-07-04 09:03:35 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-07-01 09:39:43 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Roaming\iExpert Software
[2009-07-01 09:39:22 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Clean Expert
[2009-06-29 08:06:11 | 00,000,000 | ---D | C] -- C:\Program Files\CA Yahoo! Anti-Spy
[2009-06-19 08:59:54 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009-06-19 08:59:53 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009-06-19 08:59:53 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009-06-19 08:59:52 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009-06-19 08:59:52 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009-06-19 08:59:29 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009-06-19 08:53:16 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009-06-19 08:51:58 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009-06-15 20:43:41 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009-06-15 20:43:36 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009-06-15 07:27:12 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Roaming\SuperAdBlocker.com
[2009-06-15 07:26:43 | 00,000,000 | ---D | C] -- C:\Windows\System32\URTTemp
[2009-06-14 08:46:10 | 07,402,796 | ---- | C] (Mozilla) -- C:\Users\bob\Documents\firefoxinstall_en-gb-m.exe
[2009-06-13 16:46:24 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2009-06-13 13:14:41 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Shrink(0)
[2009-06-11 21:33:40 | 00,104,512 | ---- | C] (SlySoft, Inc.) -- C:\Windows\System32\drivers\AnyDVD.sys
[2009-06-11 08:01:40 | 00,159,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009-06-11 08:01:28 | 00,130,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009-06-11 08:01:28 | 00,073,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009-06-11 08:01:19 | 00,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009-06-11 08:01:17 | 00,064,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009-06-11 08:01:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009-06-11 08:01:14 | 00,000,000 | ---D | C] -- C:\Users\bob\AppData\Roaming\PC Tools
[2009-06-11 08:01:14 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009-06-11 08:01:14 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009-06-09 04:45:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Google
[2009-06-07 09:33:22 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2008-11-05 22:37:20 | 00,000,134 | ---- | C] () -- C:\Windows\wininit.ini
[2008-02-12 03:55:18 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006-11-02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 11:23:31 | 00,000,425 | ---- | C] () -- C:\Windows\win.ini
[2006-11-02 11:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006-11-02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005-05-15 16:52:54 | 00,013,157 | ---- | C] () -- C:\Windows\System32\ModemProtection.sys
[2004-07-10 19:55:38 | 00,252,416 | ---- | C] () -- C:\Windows\System32\wsiShared.dll
[1995-07-11 10:50:00 | 00,001,024 | -H-- | C] () -- C:\Windows\System32\msfxmod.dll

========== Files - Modified Within 30 Days ==========

[2009-07-06 23:18:00 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\bob\Desktop\OTL.exe
[2009-07-06 23:11:49 | 00,700,128 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009-07-06 23:11:49 | 00,604,438 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009-07-06 23:11:49 | 00,109,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009-07-06 23:05:50 | 00,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009-07-06 23:05:50 | 00,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009-07-06 23:05:46 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009-07-06 23:05:43 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009-07-06 23:03:31 | 01,371,874 | -H-- | M] () -- C:\Users\bob\AppData\Local\IconCache.db
[2009-07-06 19:04:37 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2009-07-06 09:00:01 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009-07-06 08:50:56 | 03,045,754 | R--- | M] () -- C:\Users\bob\Desktop\ComboFix.exe
[2009-07-06 08:39:19 | 37,798,215 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009-07-06 08:39:19 | 00,012,796 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009-06-30 07:11:00 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009-06-27 08:38:58 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009-06-19 10:11:42 | 00,228,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-06-18 08:40:37 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009-06-17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009-06-17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009-06-15 20:43:41 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009-06-14 08:46:10 | 07,402,796 | ---- | M] (Mozilla) -- C:\Users\bob\Documents\firefoxinstall_en-gb-m.exe
[2009-06-12 09:33:31 | 00,327,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009-06-11 21:33:40 | 00,104,512 | ---- | M] (SlySoft, Inc.) -- C:\Windows\System32\drivers\AnyDVD.sys
[2009-06-11 08:01:19 | 00,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009-06-08 08:10:10 | 00,155,136 | ---- | M] () -- C:\Windows\PEV.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:8668AB36
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:8E87BEE4
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:573DC2A3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:7ABD967A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:A7F81DA2
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:E52B0D7C
< End of report >
CatByte
post Jul 6 2009, 05:04 PM
Post #24


Classroom Administrator Assistant

Group: Classroom Teacher
Posts: 6,927
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi

Please do the following:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    CODE
    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

    :Services
    FQXPEFL
    HFJCDPT
    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the resulting log.


Please describe how your computer is running and if there are any outstanding issues.

If everything is OK, we can clean up our tools.
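The fix script in the post above targets entries that the OTL log itself reported as orphaned: a toolbar CLSID with no matching class key ("No CLSID value found") and a ShellExecuteHook whose key and file are gone ("Reg Error: Key error. File not found"). The Python script below is an added illustration, not part of OTL or of this thread, of how such entries can be picked out of an OTL log automatically. It parses the `Oxx` lines, flags those carrying OTL's "No CLSID value found", "File not found" and "Reg Error" markers, separately flags the `O6` line reporting `EnableLUA = 0` (User Account Control switched off, as the log above shows), and assembles the `:OTL` block of a fix script in the layout used in the post, where log lines are pasted back verbatim. The sample lines are constructed from entries visible in the log above; the function names, the `Finding` type and the marker list are my own.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: OTL log lines of the kinds seen in the scan above
# (shapes copied from the log; this is not a full OTL report).
SAMPLE_OTL_LINES = r"""
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
"""

# Markers OTL prints when a registry entry points at something that no longer exists.
ORPHAN_MARKERS = ("No CLSID value found", "File not found", "Reg Error")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


@dataclass
class Finding:
    section: str          # OTL section tag, e.g. "O3"
    reason: str           # why the line was flagged
    clsid: Optional[str]  # CLSID named on the line, if any
    line: str             # the original log line, as a fix script pastes it back


def parse_entry(raw: str) -> Optional[tuple]:
    """Split an 'Oxx - body' log line into (section, body); None for anything else."""
    m = ENTRY_RE.match(raw.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(log_text: str) -> List[Finding]:
    """Return the entries a reviewer would look at first, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        section, body = parsed
        m = CLSID_RE.search(body)
        clsid = m.group(0) if m else None
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append(Finding(section, "orphaned entry: target missing", clsid, raw.strip()))
        elif section == "O6" and body.endswith("EnableLUA = 0"):
            # UAC is off: processes of administrator accounts get the full admin token.
            findings.append(Finding(section, "UAC disabled (EnableLUA = 0)", None, raw.strip()))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per reason."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


def build_otl_fix(findings: List[Finding]) -> str:
    """Assemble the ':OTL' block of a fix script from the orphaned entries only,
    in the layout shown in the post above (log lines pasted back verbatim)."""
    lines = [f.line for f in findings if f.reason.startswith("orphaned")]
    return ":OTL\n" + "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_OTL_LINES)
    for f in found:
        print(f"{f.section:<4} {f.reason:<32} {f.clsid or '-'}")
    print(summarize(found))
    print(build_otl_fix(found))
```

Entries that resolve to an existing file with a vendor name (the Yahoo! toolbar and the Spyware Doctor Run entry in the sample) are left alone: the script only surfaces what OTL itself could not resolve, plus the UAC setting, and a person still decides what goes into the fix.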
maco
post Jul 6 2009, 09:01 PM
Post #25


Authentic Member

Group: Authentic Member
Posts: 34
Joined: 29-June 09
Member No.: 86,465
Operating System: windows vista



Hello Doug. I think you have done it.
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D0523BB4-21E7-11DD-9AB7-415B56D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0523BB4-21E7-11DD-9AB7-415B56D89593}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== SERVICES/DRIVERS ==========

Service\Driver FQXPEFL deleted successfully.

Service\Driver HFJCDPT deleted successfully.
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: bob
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 13553515 bytes
->FireFox cache emptied: 34578951 bytes
->Google Chrome cache emptied: 482 bytes

User: Default
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 1024 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 45.97 mb


OTL by OldTimer - Version 3.0.6.5 log created on 07072009_035741

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
CatByte
post Jul 6 2009, 09:14 PM
Post #26


Classroom Administrator Assistant

Group: Classroom Teacher
Posts: 6,927
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Can you describe how your computer is running now and if there are any outstanding issues?

Please post a fresh HJT log so I can make sure you are clean; then we can clean up all the tools we used.
maco
post Jul 7 2009, 02:37 AM
Post #27


Authentic Member

Group: Authentic Member
Posts: 34
Joined: 29-June 09
Member No.: 86,465
Operating System: windows vista



Hello Doug. The machine seems to be performing a lot better; the taskbar is reacting far quicker. All in all, I would say a great improvement.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:34, on 2009-07-07
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\BTModemProtection.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe


--
End of file - 2112 bytes
maco
post Jul 7 2009, 03:40 AM
Post #28


Authentic Member

Group: Authentic Member
Posts: 34
Joined: 29-June 09
Member No.: 86,465
Operating System: windows vista



Hello Doug. Just an update on the computer: it has suddenly gone dodgy again, with long delays from the taskbar and desktop shortcuts.
CatByte
post Jul 7 2009, 05:21 AM
Post #29


Classroom Administrator Assistant

Group: Classroom Teacher
Posts: 6,927
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Hi,

That was only half the HJT log... so please give it another try, thank you.

At the top of Notepad, press Edit > Select All before you copy... that way all the text from Notepad will be copied.

Please run the GMER program again...

  • Please run GMER once again, using these instructions.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then proceed as indicated below to set it up for a more complete scan.


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.





CatByte
post Jul 12 2009, 07:53 PM
Post #30


Classroom Administrator Assistant

Group: Classroom Teacher
Posts: 6,927
Joined: 18-November 04
From: Canada
Member No.: 18,614
Operating System: xp sp3



Due to inactivity, this topic will be closed.
If you need help, please start a new thread and post a new HJT log.