
[Resolved] Another Generic11.bdde removal


  • This topic is locked
23 replies to this topic

#1 altenuta

altenuta

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 16 November 2009 - 10:20 PM

Hi:

I have been getting AVG resident protection notifications for Backdoor Trojan, Generic11.bdde on startup. It says that aec.sys and asyncmac.sys are the culprits. (claims the latter is whitelisted.) I have started by following your instructions to so far run ATF Cleaner and Malware Bytes. MWB reported some items that are new since the last time I ran it. AVG didn't pick them up either. I run that every night. Below are the logs.

I googled both aec.sys and asyncmac.sys and see that they are legit files. Am I correct in assuming that they could have been somehow infected? Do I need to do more to clean up?

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

11/16/2009 7:32:50 PM
mbam-log-2009-11-16 (19-32-50).txt

Scan type: Quick Scan
Objects scanned: 107817
Time elapsed: 1 hour(s), 20 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\SYSTEM32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\SYSTEM32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
c:\WINDOWS\SYSTEM32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\logon.exe (Trojan.Agent) -> Delete on reboot.
=========================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:17:14 PM, on 11/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
F:\Program Files\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "F:\Program Files\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Reader\reader_sl.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9560 bytes


I await your advice.
Al Tenuta Dell 2400 Windows XP
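The two "Registry Data Items Infected" entries in the Malwarebytes log above are the most telling part of this post: Winlogon\Shell had logon.exe appended after Explorer.exe, and Winlogon\Userinit had sdra64.exe appended after userinit.exe, which is how a backdoor gets launched at every logon. The following is an added example, not code from this thread, from Malwarebytes or from any of the tools used here. It parses MBAM's "Bad: (...) Good: (...)" Winlogon lines and lists the executables that are not part of the expected value; the EXPECTED defaults are an assumption for Windows XP (the platform in the log), and the sample log is constructed from the lines quoted above.

```python
import re

# Expected defaults for the two Winlogon values on Windows XP (assumption: the
# machine in the thread is XP SP3; other Windows versions use different defaults).
EXPECTED = {
    "Shell": {"explorer.exe"},
    "Userinit": {"userinit.exe"},
}

# Shell lists programs separated by whitespace; Userinit is comma-separated
# with a trailing comma, so each value gets its own separator.
SEPARATOR = {
    "Shell": re.compile(r"\s+"),
    "Userinit": re.compile(r","),
}

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
MBAM_LINE = re.compile(
    re.escape(WINLOGON_KEY)
    + r"\\(?P<value>Shell|Userinit) \((?P<detection>[^)]+)\) -> "
    + r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)"
)


def basename(path):
    """Case-folded file name of a Windows path (directory part dropped)."""
    return path.strip().replace("/", "\\").rsplit("\\", 1)[-1].lower()


def extra_entries(value_name, raw_value):
    """Executables in a Shell/Userinit value that are not part of the expected default."""
    parts = [basename(p) for p in SEPARATOR[value_name].split(raw_value)]
    return [p for p in parts if p and p not in EXPECTED[value_name]]


def parse_mbam_winlogon(log_text):
    """Return one finding per Winlogon hijack line in a Malwarebytes log."""
    findings = []
    for line in log_text.splitlines():
        m = MBAM_LINE.search(line)
        if m is None:
            continue  # not a Winlogon Shell/Userinit detection line
        findings.append({
            "value": m["value"],
            "detection": m["detection"],
            "bad": m["bad"],
            "good": m["good"],
            "extra": extra_entries(m["value"], m["bad"]),
        })
    return findings


# Constructed sample: the two Registry Data Items lines from the first MBAM log
# in the thread, plus one unrelated line to show that it is ignored.
SAMPLE_LOG = r"""Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    for f in parse_mbam_winlogon(SAMPLE_LOG):
        print(f"{f['value']:8} {f['detection']:16} appended: {', '.join(f['extra'])}")
```

The same `extra_entries` check can be run against live values read from the registry on a machine under review; anything it reports beyond the expected default is worth investigating, because both values are executed at every logon before the user's own startup items.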



#2 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 17 November 2009 - 09:04 AM

Hi altenuta, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
  • Do not attach any logs/reports, etc. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

Open hijackthis, do a system scan only and checkmark these lines, if present

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)


Close ALL other windows/browsers and click Fix Checked. Answer Yes if prompted. Close HJT.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any
"<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

Download OTListIt2 to your desktop.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please post back with
  • GMER log
  • both OTL logs
No need for a Hijackthis log this time.

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#3 altenuta

altenuta

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 22 November 2009 - 03:06 PM

Hi: I'm going to start from scratch. I think I may have notgood up. I went back and restored to about a month back. I have run a new mbam scan. Hope you can help me.

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

11/22/2009 1:03:29 PM
mbam-log-2009-11-22 (13-03-29).txt

Scan type: Quick Scan
Objects scanned: 107623
Time elapsed: 17 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe logon.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Al Tenuta Dell 2400 Windows XP

#4 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 22 November 2009 - 04:57 PM

Hi, please post the logs I requested earlier. These logs will give us more information as to what is going on with your computer. Thanks


#5 altenuta

altenuta

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 22 November 2009 - 08:42 PM

Here are the results of my GMER and OTL scans. I also put in the latest HijackThis scan results if they are of any help.

GMER 1.0.15.15227 - http://www.gmer.net
Rootkit scan 2009-11-22 16:55:17
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\USER~1.PEE\LOCALS~1\Temp\uwtdapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 11/22/2009 5:00:08 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\User.PEECEE\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 619.70 Mb Available Physical Memory | 60.64% Memory free
1.47 Gb Paging File | 1.05 Gb Available in Paging File | 71.54% Paging File free
Paging file location(s): F:\pagefile.sys 573 773 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 2.34 Gb Free Space | 6.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 456.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 14.92 Gb Total Space | 7.51 Gb Free Space | 50.32% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 1.42 Gb Free Space | 38.07% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEECEE
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User.PEECEE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
PRC - F:\Program Files\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\WINDOWS\SYSTEM32\pctspk.exe (PCtel, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User.PEECEE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (p2pgasvc) -- C:\WINDOWS\SYSTEM32\p2pgasvc.dll (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\SYSTEM32\iprip.dll (Microsoft Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (WANMiniportService) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (NwSapAgent) -- C:\WINDOWS\SYSTEM32\IPXSAP.DLL (Microsoft Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Pctspk) -- C:\WINDOWS\SYSTEM32\pctspk.exe (PCtel, Inc.)


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- F:\Program Files\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (SASKUTIL) -- F:\Program Files\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NwlnkIpx) -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (usbaudio) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PAC7302) -- C:\WINDOWS\SYSTEM32\DRIVERS\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SASENUM) -- F:\Program Files\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (MCSTRM) -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys (RealNetworks, Inc.)
DRV - (ialm) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Afc) -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys (Arcsoft, Inc.)
DRV - (CoachAud) -- C:\WINDOWS\SYSTEM32\DRIVERS\CoachAud.sys (FotoNation Inc.)
DRV - (NTIDrvr) -- C:\WINDOWS\SYSTEM32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E}) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys (Intel Corporation)
DRV - (smwdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys (Analog Devices, Inc.)
DRV - (wanatw) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (sonypvs1) -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.)
DRV - (DCamUSBSQTECH) -- C:\WINDOWS\SYSTEM32\DRIVERS\sqcaptur.sys (Service & Quality Technology.)
DRV - (aeaudio) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys (Andrea Electronics Corporation)
DRV - (NETMDUSB) -- C:\WINDOWS\SYSTEM32\DRIVERS\NETMDUSB.sys (Sony Corporation)
DRV - (SONYPVU1) -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (Vpctcom) -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- C:\WINDOWS\System32\DRIVERS\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\System32\DRIVERS\vmodem.sys (PCTEL, INC.)
DRV - (Ptserlp) -- C:\WINDOWS\SYSTEM32\DRIVERS\ptserlp.sys (PCTEL, INC.)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 71 8C CC 7B 7F FB 0D C7 48 7E BE 12 BE E1 AD BE 28 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/03 06:39:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/10/05 17:56:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/14 18:54:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/11 05:36:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 17:36:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 17:36:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.14\Extensions\\Components: C:\Program Files\Mozilla Thunderbird\components\ [2007/12/22 09:05:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.14\Extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins\ [2009/05/20 18:41:10 | 00,000,000 | ---D | M]

[2008/06/20 20:02:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Extensions
[2008/06/20 20:02:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/22 14:20:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions
[2009/09/11 17:22:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/21 14:46:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2009/11/22 14:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/07/25 18:27:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}
[2009/11/01 08:55:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/07/21 14:45:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2005/01/07 17:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\qfpfppcb.default\extensions
[2004/12/21 21:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\qfpfppcb.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/01/07 17:51:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\qfpfppcb.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/11/22 14:20:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 17:36:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/07 14:05:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/05/14 18:55:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/22 07:26:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/06 17:36:08 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 17:36:08 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/10/02 19:59:57 | 00,040,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2009/07/25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/06/01 15:51:16 | 00,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2004/12/22 08:08:32 | 00,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/11/06 17:36:11 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2006/03/30 20:18:23 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
[2005/08/09 10:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2003/08/04 14:19:02 | 00,438,272 | ---- | M] (AOL Time Warner) -- C:\Program Files\Mozilla Firefox\plugins\npwinamp.dll
[2009/09/04 18:26:41 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/04 18:26:42 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/27 07:40:29 | 00,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/09/04 18:26:42 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/04 18:26:42 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/04 18:26:42 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/04 18:26:43 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/04 18:26:43 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (2004 Backgammon Toolbar) - {6A04FF4A-AD9F-4FD4-8DA8-784E9C6271D2} - C:\Program Files\2004 Backgammon Toolbar\v2.0.0.2\2004_Backgammon_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] F:\Program Files\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [BuildBU] c:\DELL\BLDBUBG.EXE ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [updateMgr] F:\Program Files\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = F:\Program Files\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.micr...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.r...ip/RdxIE601.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} http://www2.incredim...er/imloader.cab (IMDownloader Class)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zon...wn.cab31267.cab (Solitaire Showdown Class)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.ao.../ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.166.65.1 209.166.64.3
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - F:\Program Files\SASWINLO.DLL - F:\Program Files\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/09/26 16:00:06 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8fbf06ee-41ef-11de-ad80-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8fbf06ee-41ef-11de-ad80-00038a000015}\Shell\Explore\command - "" = autorun.exe
O33 - MountPoints2\{8fbf06ee-41ef-11de-ad80-00038a000015}\Shell\Open\command - "" = autorun.exe
O33 - MountPoints2\{fd07927b-de8f-11dc-a105-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fd07927b-de8f-11dc-a105-00038a000015}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/22 11:04:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft Private Data
[2009/11/19 19:58:50 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User.PEECEE\Desktop\OTL.exe
[2009/11/16 20:12:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/16 18:03:01 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\User.PEECEE\Desktop\ATF_Cleaner.exe
[2009/10/30 19:38:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User.PEECEE\My Documents\Recovery
[2009/10/30 16:36:47 | 00,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\User.PEECEE\My Documents\*.tmp files -> C:\Documents and Settings\User.PEECEE\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/22 16:57:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Upload Library.job
[2009/11/22 13:18:26 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/11/22 13:15:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/22 13:15:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/11/22 13:14:13 | 12,308,480 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\ntuser.dat
[2009/11/22 13:14:13 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\User.PEECEE\NTUSER.INI
[2009/11/22 11:09:59 | 00,434,754 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/11/22 11:09:59 | 00,068,274 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/11/22 11:03:42 | 45,565,874 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/22 11:03:42 | 00,098,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/21 14:17:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/19 19:58:51 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.PEECEE\Desktop\OTL.exe
[2009/11/16 20:12:57 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\HijackThis.lnk
[2009/11/16 18:03:01 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\User.PEECEE\Desktop\ATF_Cleaner.exe
[2009/11/16 09:53:33 | 00,345,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/16 00:11:57 | 00,491,080 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/16 00:07:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/14 20:10:04 | 00,291,840 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\gmer.exe
[2009/11/10 20:33:20 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/11/06 18:19:28 | 00,036,201 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\aher kkkkk.jpg
[2009/11/06 18:15:34 | 00,003,157 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\14436_183253542848_716112848_2918908_5650630_s.jpg
[2009/11/06 18:12:57 | 00,036,054 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\14436_183253572848_716112848_2918909_6489739_n.jpg
[2009/11/06 17:39:01 | 00,062,666 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\photo.php
[2009/11/06 17:32:34 | 00,013,965 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\asher hat.rar
[2009/11/06 17:31:49 | 00,062,625 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\asher hat.php
[2009/11/05 14:40:52 | 00,102,488 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/05 09:36:22 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/04 20:26:19 | 00,001,876 | -H-- | M] () -- C:\Documents and Settings\User.PEECEE\My Documents\Default.rdp
[2009/10/30 16:36:47 | 00,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\User.PEECEE\My Documents\*.tmp files -> C:\Documents and Settings\User.PEECEE\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/17 18:52:33 | 00,291,840 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\gmer.exe
[2009/11/16 20:12:57 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\HijackThis.lnk
[2009/11/06 18:19:26 | 00,036,201 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\aher kkkkk.jpg
[2009/11/06 18:14:50 | 00,003,157 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\14436_183253542848_716112848_2918908_5650630_s.jpg
[2009/11/06 18:12:56 | 00,036,054 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\14436_183253572848_716112848_2918909_6489739_n.jpg
[2009/11/06 17:38:56 | 00,062,666 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\photo.php
[2009/11/06 17:32:34 | 00,013,965 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\asher hat.rar
[2009/11/06 17:31:45 | 00,062,625 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\asher hat.php
[2009/11/01 16:55:55 | 12,308,480 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\ntuser.dat
[2009/10/30 16:36:48 | 00,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2009/10/30 16:36:47 | 00,001,561 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2009/09/07 13:26:41 | 00,000,322 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2007/12/22 11:59:11 | 00,001,427 | ---- | C] () -- C:\WINDOWS\System32\LXBRSET.INI
[2007/05/09 16:57:04 | 00,102,104 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\GDIPFONTCACHEV1.DAT
[2007/03/20 15:44:02 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2007/03/09 18:54:25 | 00,000,006 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\dm.ini
[2007/03/09 18:54:23 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\AdobeDLM.log
[2007/02/10 16:28:17 | 00,000,262 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/08/01 10:48:57 | 01,958,898 | -H-- | C] () -- C:\Documents and Settings\User.PEECEE\Local Settings\Application Data\IconCache.db
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/26 10:08:05 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2006/04/29 11:08:52 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/02/19 21:38:08 | 00,000,156 | ---- | C] () -- C:\WINDOWS\ae_mini.INI
[2005/11/16 23:30:04 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9553p4now.sys
[2005/10/01 17:53:55 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6s.DLL
[2005/08/10 19:22:11 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\WavCodec.wff
[2005/08/09 14:12:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/11 06:31:43 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/06 20:58:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2005/05/16 19:14:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\stsaver.ini
[2005/05/15 20:33:46 | 00,000,377 | ---- | C] () -- C:\WINDOWS\MediaFace.INI
[2005/05/15 09:29:54 | 00,004,672 | ---- | C] () -- C:\WINDOWS\WINMEM32.DLL
[2005/04/16 09:04:15 | 00,000,359 | ---- | C] () -- C:\WINDOWS\farmmext.ini
[2005/03/26 09:28:51 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/03/26 08:56:04 | 00,000,253 | ---- | C] () -- C:\WINDOWS\WSHORTEN.INI
[2005/03/03 18:02:52 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/03/03 18:02:52 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/03/03 18:02:52 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/03/03 18:02:51 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/03/02 17:57:45 | 00,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2005/03/02 17:30:55 | 00,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2005/03/02 16:21:36 | 03,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2005/03/02 16:21:36 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2005/02/25 15:07:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/12/13 20:47:05 | 00,000,045 | ---- | C] () -- C:\WINDOWS\IEIEJNP.ini
[2004/12/03 16:00:08 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2004/10/29 15:21:12 | 00,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2004/10/29 15:17:25 | 00,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI
[2004/10/29 14:55:18 | 00,000,117 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/10/23 09:10:35 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/05 14:37:20 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2004/09/08 19:48:49 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2004/09/02 12:41:50 | 00,001,697 | ---- | C] () -- C:\WINDOWS\System32\sdusbpdr.ini
[2004/08/28 06:00:59 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\MPEGCreator.dll
[2004/08/11 03:41:08 | 00,270,336 | ---- | C] () -- C:\WINDOWS\System32\WMVCreator.dll
[2004/08/11 03:03:13 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\AVICreator.dll
[2004/08/01 17:36:44 | 00,001,034 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2004/05/20 07:50:14 | 01,537,536 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-hi.dll
[2004/02/08 20:29:15 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/02/01 11:21:56 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2004/01/07 20:37:58 | 00,000,063 | ---- | C] () -- C:\WINDOWS\dgnet007.ini
[2004/01/03 21:37:50 | 00,005,133 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/01/03 16:06:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/12/07 19:48:31 | 00,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2003/12/04 22:01:10 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2003/12/04 21:56:52 | 00,001,609 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2003/12/04 21:56:52 | 00,000,032 | ---- | C] () -- C:\WINDOWS\album.ini
[2003/11/29 17:25:04 | 00,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2003/11/29 15:31:06 | 00,000,448 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/11/25 18:46:24 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2003/11/24 19:28:53 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\PFP110JPR.{PB
[2003/11/24 19:28:53 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\PFP110JCM.{PB
[2003/11/23 19:56:01 | 00,217,600 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/11/23 16:11:03 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/11/23 15:03:20 | 00,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2003/11/23 14:40:09 | 00,000,045 | ---- | C] () -- C:\WINDOWS\EPSC82.ini
[2003/11/23 13:47:16 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\DESKTOP.INI
[2003/11/23 13:47:11 | 00,102,488 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2003/11/17 19:10:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/11/17 19:02:55 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/11/17 18:54:15 | 00,000,292 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/11/17 18:48:45 | 00,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/11/17 18:26:52 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/11/17 18:13:04 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/11/16 10:32:30 | 01,253,376 | ---- | C] () -- C:\WINDOWS\System32\mptiff.dll
[2003/08/07 11:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/07/30 19:29:08 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2003/04/21 00:00:00 | 01,036,800 | ---- | C] () -- C:\WINDOWS\System32\libmpeg-1.0.0.dll
[2003/04/21 00:00:00 | 00,987,136 | ---- | C] () -- C:\WINDOWS\System32\liboggvorbis-1.0.0.dll
[2003/04/21 00:00:00 | 00,696,832 | ---- | C] () -- C:\WINDOWS\System32\libmcl-2.8.0.dll
[2002/11/24 04:40:36 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\ac3encode.dll
[2002/09/03 06:59:58 | 00,001,151 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 06:50:58 | 00,000,256 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 06:50:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2001/12/26 15:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000/12/29 09:34:01 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll

========== LOP Check ==========

[2009/09/20 22:01:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2007/10/06 13:18:59 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2005/09/03 07:42:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/06/02 19:33:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jes-Soft
[2003/12/21 01:23:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground Demo
[2005/09/18 18:30:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/02/10 12:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2003/11/17 18:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/02/05 17:10:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2005/09/24 18:18:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{ACABF24D-CBAE-4A6E-87E7-591BB9F42931}
[2005/09/24 18:17:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2006/02/19 21:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Anvil Studio
[2009/05/29 12:52:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\AVGTOOLBAR
[2005/11/15 18:01:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Blumentals
[2004/08/01 17:38:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Cakewalk
[2009/04/28 17:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Canon
[2004/01/27 21:21:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Corel
[2007/10/08 17:37:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\FUJIFILM
[2007/07/01 12:57:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\InfraRecorder
[2008/11/30 18:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\iPod Copy Expert
[2003/11/23 18:58:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Leadertech
[2004/06/23 16:17:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\MX
[2005/11/10 15:10:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\NCH Swift Sound
[2008/11/23 08:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Netscape
[2005/01/16 17:54:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Nikon
[2007/11/29 21:52:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Nvu
[2005/09/18 10:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\ScanSoft
[2005/03/26 08:44:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Seven Zip
[2006/07/11 17:09:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Thunderbird
[2002/08/29 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/11/22 16:57:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Upload Library.job
[2009/11/22 13:15:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2008/07/23 22:23:09 | 00,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\System Restore.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AD0EB3C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2947BEA
< End of report >
OTL Extras logfile created on: 11/22/2009 5:00:08 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\User.PEECEE\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 619.70 Mb Available Physical Memory | 60.64% Memory free
1.47 Gb Paging File | 1.05 Gb Available in Paging File | 71.54% Paging File free
Paging file location(s): F:\pagefile.sys 573 773 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 2.34 Gb Free Space | 6.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 456.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 14.92 Gb Total Space | 7.51 Gb Free Space | 50.32% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 1.42 Gb Free Space | 38.07% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEECEE
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
jsfile [edit] -- Reg Error: Key error.
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"177:TCP" = 177:TCP:LocalSubNet:Enabled:Nick

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy -- File not found
"C:\Documents and Settings\User.PEECEE\Desktop\i stuff\iTunes.exe" = C:\Documents and Settings\User.PEECEE\Desktop\i stuff\iTunes.exe:*:Enabled:iTunes -- File not found
"C:\Documents and Settings\User.PEECEE\Desktop\iTunes.exe" = C:\Documents and Settings\User.PEECEE\Desktop\iTunes.exe:*:Enabled:iTunes -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Motorola\Software Update\msu.exe" = C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu -- File not found
"C:\Program Files\Motorola\RSD Lite\SDL.exe" = C:\Program Files\Motorola\RSD Lite\SDL.exe:*:Enabled:SDL -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP470_series" = Canon MP470 series
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{244E21B9-164C-4EC1-AED8-9BD64161E66D}" = ArcSoft VideoImpression 2
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.3
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}" = iTunes
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{867DD3AD-D155-4035-AAB3-E74673AC8464}" = PC VGA Camer@ Plus
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A47CC380-5C96-4542-98EA-23884ECB42C6}" = Win32
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AF10D7E4-D29A-45DA-8050-B116097B69B5}" = Safari
"{B7EE8B5C-7911-4DA5-9871-75CAEB631A69}" = Media Wizard
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}" = U3Launcher
"{E84D2015-4FEB-40CC-A2DD-1A6B8BAC2429}" = OpenMG Secure Module 3.0.03
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"2004 Backgammon" = 2004 Backgammon 4.0
"2004 Backgammon Toolbar" = 2004 Backgammon Toolbar
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.2 (Remove Only)
"Agent Ransack_is1" = Agent Ransack Version 1.7.3
"All Video Converter_is1" = All Video Converter 1.0
"America Online us" = America Online (Choose which version to remove)
"AVG8Uninstall" = AVG Free 8.5
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Canon MP470 series User Registration" = Canon MP470 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"EPSON Printer and Utilities" = EPSON Printer Software
"Football Playbook 010_is1" = Football Playbook 010
"FunWebProductsInstaller" = Fun Web Products Easy Installer
"HCC Lite" = HCC Lite
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{867DD3AD-D155-4035-AAB3-E74673AC8464}" = PC VGA Camer@ Plus
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Web Developer 2005 Express Edition - ENU" = Microsoft Visual Web Developer 2005 Express Edition - ENU
"Mozilla Firefox (3.5.4)" = Mozilla Firefox (3.5.4)
"Mozilla Thunderbird (1.5.0.14)" = Mozilla Thunderbird (1.5.0.14)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PHOTOVU LINK & CARD LINK" = PHOTOVU LINK & CARD LINK
"Picasa 3" = Picasa 3
"QuickTime 3.0" = QuickTime 3.0
"ShockwaveFlash" = Macromedia Flash Player 8
"The Sims" = The Sims
"UndeletePlus™_is1" = UndeletePlus™ 3.0.0.602
"WinASO Registry Optimizer 2.7_is1" = WinASO Registry Optimizer 2.7
"WinASO Registry Optimizer 3.0.6_is1" = WinASO Registry Optimizer 3.0.6
"Windows Media Encoder 7" = Windows Media Encoder 7.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/6/2009 7:08:45 PM | Computer Name = PEECEE | Source = MsiInstaller | ID = 10005
Description = Product: Skype web features -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2738. The arguments are: , ,

Error - 9/7/2009 4:35:40 PM | Computer Name = PEECEE | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 4.1.0.166, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 9/19/2009 7:02:11 PM | Computer Name = PEECEE | Source = Application Error | ID = 1000
Description = Faulting application rdl318.tmp.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00095fff.

Error - 9/29/2009 12:14:13 AM | Computer Name = PEECEE | Source = Application Error | ID = 1000
Description = Faulting application acrord32.exe, version 7.0.8.218, faulting module
msvcr71.dll, version 7.10.3052.4, fault address 0x00002cd0.

Error - 11/5/2009 6:39:45 PM | Computer Name = PEECEE | Source = MsiInstaller | ID = 10005
Description = Product: Skype web features -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2738. The arguments are: , ,

Error - 11/20/2009 6:14:23 PM | Computer Name = PEECEE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00060206.

Error - 11/20/2009 6:14:48 PM | Computer Name = PEECEE | Source = Application Error | ID = 1000
Description = Faulting application DRWTSN32.EXE, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 11/22/2009 3:09:56 PM | Computer Name = PEECEE | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 7112, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 11/22/2009 3:09:56 PM | Computer Name = PEECEE | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 11/22/2009 3:09:59 PM | Computer Name = PEECEE | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 7112, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

[ System Events ]
Error - 11/22/2009 10:23:51 AM | Computer Name = PEECEE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 11/22/2009 10:23:54 AM | Computer Name = PEECEE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 11/22/2009 10:23:56 AM | Computer Name = PEECEE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 11/22/2009 10:39:35 AM | Computer Name = PEECEE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 11/22/2009 10:39:37 AM | Computer Name = PEECEE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 11/22/2009 10:41:12 AM | Computer Name = PEECEE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 11/22/2009 10:41:14 AM | Computer Name = PEECEE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 11/22/2009 10:41:30 AM | Computer Name = PEECEE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 11/22/2009 10:41:33 AM | Computer Name = PEECEE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 11/22/2009 5:00:14 PM | Computer Name = PEECEE | Source = Print | ID = 6161
Description = The document Another Generic11.bdde removal owned by User failed to
print on printer Canon MP470 series Printer. Data type: NT EMF 1.008. Size of the
spool file in bytes: 1735504. Number of bytes printed: 434760. Total number of
pages in the document: 10. Number of pages printed: 0. Client machine: \\PEECEE.
Win32 error code returned by the print processor: 13 (0xd).


< End of report >
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:08:58 PM, on 11/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
F:\Program Files\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Program Files\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "F:\Program Files\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = F:\Program Files\Reader\reader_sl.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 9257 bytes
Al Tenuta Dell 2400 Windows XP
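The HijackThis log above is a flat list of "section code - body" lines (R1/R3 for IE URL and search hooks, O2 for BHOs, O4 for Run keys and startup shortcuts, O9 for IE buttons, O10 for Winsock LSPs, O23 for services). As an added example, not code from the forum, from HijackThis or from the helper here, the following Python script parses a constructed sample in that layout and flags the kinds of entries the helper goes on to remove or question: orphaned hooks and buttons whose target is "(no file)" or "?", the Winsock LSP HijackThis does not recognise, a service with no vendor name, and a Run entry that names a bare file resolved through the search path. The line classes and the reasons attached to them are this example's own assumptions, not HijackThis's classification.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in HijackThis log layout; the lines mirror entries from the
# log posted above but are only a small subset of it.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "R3 - body" / "O23 - body": section code, separator, free-form body.
LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why a reviewer should look at this entry
    line: str    # the original log line


def parse_entries(text: str) -> List[Tuple[str, str, str]]:
    """Return (code, body, line) for every line that looks like an HJT entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            entries.append((m.group("code"), m.group("body"), line))
    return entries


def triage(text: str) -> List[Finding]:
    """Flag entries that merit a second look. The rules below are this example's
    own assumptions about what is worth reviewing, not HijackThis's verdicts."""
    findings = []
    for code, body, line in parse_entries(text):
        if body.endswith("(no file)") or body.endswith("= ?"):
            # Registry still references a hook, button or shortcut whose file is
            # gone: inert by itself, but it is the residue an OTL fix cleans out.
            findings.append(Finding(code, "orphaned entry: target file is missing", line))
        elif code == "O10":
            # Layered Service Providers sit in every socket's data path.
            findings.append(Finding(code, "Winsock LSP not recognised; confirm the DLL's origin", line))
        elif code == "O23" and " - Unknown owner - " in body:
            # No company name in the binary's version information.
            findings.append(Finding(code, "service binary carries no vendor name", line))
        elif code == "O4" and "] " in body:
            target = body.split("] ", 1)[1]
            if "\\" not in target:
                # A bare name is resolved through the search path at logon, so
                # which file actually runs depends on PATH, not a fixed location.
                findings.append(Finding(code, "Run entry names a bare file resolved via the search path", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```

Run on the sample, the script flags six of the eleven entries: the orphaned `*{CFBFAE00-...}` URLSearchHook and the `(no file)` O9 button (both targeted by the OTL fix in the next post), the `LaunchU3.exe.lnk = ?` shortcut, the bare `BCMSMMSG.exe` Run entry, the `nwprovau.dll` LSP and the Adobe LM service with no owner. A flag means "verify", not "malicious": everything else in that log is left alone.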

#6 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 23 November 2009 - 12:59 AM

Hi altenuta,

You have several pictures (jpgs) saved to your desktop. Do you know what they are, and did you put them there?

You have some old vulnerable java installed.

  • Click Start > Control Panel > Add/Remove programs and uninstall if present:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0 Update 1
    • J2SE Runtime Environment 5.0 Update 6
    • Java™ 6 Update 5

Do not uninstall Java™ 6 Update 15


Next, Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (2004 Backgammon Toolbar) - {6A04FF4A-AD9F-4FD4-8DA8-784E9C6271D2} - C:\Program Files\2004 Backgammon Toolbar\v2.0.0.2\2004_Backgammon_Toolbar.dll ()
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    O33 - MountPoints2\{8fbf06ee-41ef-11de-ad80-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8fbf06ee-41ef-11de-ad80-00038a000015}\Shell\Explore\command - "" = autorun.exe
    O33 - MountPoints2\{8fbf06ee-41ef-11de-ad80-00038a000015}\Shell\Open\command - "" = autorun.exe
    O33 - MountPoints2\{fd07927b-de8f-11dc-a105-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{fd07927b-de8f-11dc-a105-00038a000015}\Shell\AutoRun - "" = Auto&Play

    :Services

    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\LimeWire\LimeWire.exe" =-
    :Files

    :Commands
    [emptytemp]
    [Reboot]

Then click the Run Fix button at the top
  • Let the program run unhindered

Please post a new OTL log. How's the computer? What symptoms are you experiencing?

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#7 altenuta

altenuta

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 23 November 2009 - 09:00 PM

Here's the latest OTL log. The jpgs on our desktop are all family pictures. No unknowns. I know jpgs can carry bad binary code. The computer seems to be running fine. The only real problem I was having was that Firefox was going crazy when scrolling long pages. It wouldn't let the mouse focus on links and the scroll bar was jumping up and down. What I was really worried about was possible keyloggers and such. I have been getting spam from Skype. Also, I worry that my wife might allow something she shouldn't. She surfs a lot of shopping sites, etc. Sure don't want our bank logons and cc#'s compromised. Also my security logs made it sound like logon.exe was being messed with from outside. Also, noticed that the Windows Firewall was turned off. I'm pretty sure I didn't disable it.

Whoops. I spoke too soon. The browser seems to be acting up. Maybe it's just Firefox. I'll open IE and Safari. See if they act up. Let me know if you think the browser problem is a symptom of any nastiness remaining. I'll let you know if it's just FF. Thank you for your help.

Al

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{6A04FF4A-AD9F-4FD4-8DA8-784E9C6271D2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A04FF4A-AD9F-4FD4-8DA8-784E9C6271D2}\ deleted successfully.
C:\Program Files\2004 Backgammon Toolbar\v2.0.0.2\2004_Backgammon_Toolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fbf06ee-41ef-11de-ad80-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8fbf06ee-41ef-11de-ad80-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fbf06ee-41ef-11de-ad80-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8fbf06ee-41ef-11de-ad80-00038a000015}\ not found.
File autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fbf06ee-41ef-11de-ad80-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8fbf06ee-41ef-11de-ad80-00038a000015}\ not found.
File autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd07927b-de8f-11dc-a105-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd07927b-de8f-11dc-a105-00038a000015}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd07927b-de8f-11dc-a105-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd07927b-de8f-11dc-a105-00038a000015}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 163723 bytes
->Temporary Internet Files folder emptied: 682995 bytes
User: Stickly
->Temporary Internet Files folder emptied: 269305 bytes
User: User
->Temp folder emptied: 319608 bytes
->Temporary Internet Files folder emptied: 1770268 bytes
User: User.PEECEE
->Temp folder emptied: 318491805 bytes
->Temporary Internet Files folder emptied: 62308089 bytes
->Java cache emptied: 71330167 bytes
->FireFox cache emptied: 111357468 bytes
->Apple Safari cache emptied: 167014971 bytes
User: USER~1~PEE
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 231656 bytes
%systemroot%\System32 .tmp files removed: 1187719 bytes
Windows Temp folder emptied: 65554472 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10428250 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 184381 bytes
RecycleBin emptied: 1096466 bytes
Total Files Cleaned = 774.91 mb
OTL by OldTimer - Version 3.1.6.0 log created on 11232009_181705
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Al Tenuta Dell 2400 Windows XP

#8 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 23 November 2009 - 11:17 PM

Hi altenuta,

logon.exe is not a Windows file. MBAM removed it along with the other visible infection. I don't see anything remaining in the logs, but we will look a little deeper.

Given the malware that was present on your computer, I strongly suggest you do the following immediately:
  • From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information.
You may also want to contact your financial company and let them know what has happened.

How Do I Handle Possible Identity Theft, Internet Fraud and Credit Card Fraud?


Re-enable the Windows firewall if you haven't already done so.


Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


#9 altenuta

altenuta

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 24 November 2009 - 01:26 AM

Here is the Combo Fix Log. Did it find any more problems?

Thanks again for your help

Al

ComboFix 09-11-23.02 - User 11/23/2009 22:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.487 [GMT -8:00]
Running from: c:\documents and settings\User.PEECEE\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Microsoft Private Data
c:\recycler\S-1-5-21-1823625284-287506423-1955285790-1011
c:\recycler\S-1-5-21-3252328098-71414409-2463015037-501
c:\windows\Downloaded Program Files\RdxIE.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP
-------\Service_Iprip


((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.

2009-11-24 02:17 . 2009-11-24 02:17 -------- d-----w- C:\_OTL
2009-11-22 19:04 . 2009-11-22 19:04 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-17 04:12 . 2009-11-17 04:12 -------- d-----w- c:\program files\Trend Micro
2009-10-31 00:36 . 2009-10-31 00:36 -------- d-----w- c:\program files\PC Inspector File Recovery
2009-10-29 00:30 . 2006-04-12 21:27 180224 ----a-w- c:\documents and settings\User.PEECEE\Application Data\U3\0000060514001429\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\U3AppWrapper.exe
2009-10-29 00:29 . 2006-04-12 21:27 72192 ----a-w- c:\documents and settings\User.PEECEE\Application Data\U3\0000060514001429\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKLIST.EXE
2009-10-29 00:29 . 2006-04-12 21:27 72192 ----a-w- c:\documents and settings\User.PEECEE\Application Data\U3\0000060514001429\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\TASKKILL.EXE
2009-10-29 00:29 . 2006-04-12 21:27 325 ----a-w- c:\documents and settings\User.PEECEE\Application Data\U3\0000060514001429\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\stopApp.bat
2009-10-29 00:29 . 2006-01-21 21:02 15 ----a-w- c:\documents and settings\User.PEECEE\Application Data\U3\0000060514001429\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\run_me.bat
2009-10-29 00:29 . 2006-01-27 19:11 1824884 ----a-w- c:\documents and settings\User.PEECEE\Application Data\U3\0000060514001429\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\master.exe
2009-10-29 00:29 . 2006-04-12 21:27 40960 ----a-w- c:\documents and settings\User.PEECEE\Application Data\U3\0000060514001429\79EB5C19-AB0E-4dd7-BE89-BF96301D35Z8\Exec\appstop.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 07:02 . 2009-09-06 23:09 -------- d-----w- c:\documents and settings\User.PEECEE\Application Data\Skype
2009-11-24 06:27 . 2008-06-11 04:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-11-24 02:30 . 2009-09-06 23:14 -------- d-----w- c:\documents and settings\User.PEECEE\Application Data\skypePM
2009-11-24 02:13 . 2003-11-18 02:40 -------- d-----w- c:\program files\Java
2009-11-23 16:31 . 2006-07-12 01:08 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-22 20:51 . 2009-05-20 01:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-05 22:40 . 2003-11-23 21:47 102488 ----a-w- c:\documents and settings\User.PEECEE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-31 00:36 . 2003-11-18 02:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-29 00:29 . 2007-04-10 19:34 -------- d-----w- c:\documents and settings\User.PEECEE\Application Data\U3
2009-10-23 04:53 . 2008-08-23 18:43 84624 ---ha-w- c:\windows\system32\mlfcache.dat
2009-09-11 14:18 . 2004-10-23 17:10 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-06 23:14 . 2009-09-06 23:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-04 21:03 . 2004-10-23 17:10 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2005-06-18 06:49 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-28 16:18 . 2008-06-11 04:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-28 16:18 . 2008-06-11 04:45 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-28 16:17 . 2008-06-11 04:45 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-26 08:00 . 2004-10-23 17:10 247326 ----a-w- c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 18:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="f:\program files\Reader\AdobeUpdateManager.exe AcRdB7_0_9 -reboot 1" [X]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-22 126976]
"BuildBU"="c:\dell\bldbubg.exe" [2003-09-10 61440]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"Adobe Photo Downloader"="f:\program files\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-2-28 113664]
Adobe Reader Speed Launch.lnk - f:\program files\Reader\reader_sl.exe [2005-9-23 29696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "f:\program files\SASSEH.DLL" [2008-06-10 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-05-15 03:37 356352 ----a-w- f:\program files\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-28 16:18 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/10/2008 8:45 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [6/10/2008 8:45 PM 108552]
R1 SASDIFSV;SASDIFSV;f:\program files\SASDIFSV.SYS [10/10/2006 1:53 PM 9968]
R1 SASKUTIL;SASKUTIL;f:\program files\SASKUTIL.SYS [2/27/2007 12:39 PM 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/4/2009 6:57 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 6:39 AM 297752]
R3 PAC7302;PC VGA Camer@ Plus;c:\windows\SYSTEM32\DRIVERS\PAC7302.SYS [9/10/2007 7:50 AM 457984]
S3 SASENUM;SASENUM;f:\program files\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S4 Dns_aked;Dns_aked; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2009-11-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2009-11-24 c:\windows\Tasks\PCHealth Scheduler for Upload Library.job
- c:\windows\PCHealth\UploadLB\Binaries\UploadM.exe [2004-10-23 00:12]

2008-07-24 c:\windows\Tasks\System Restore.job
- c:\windows\SYSTEM32\Restore\rstrui.exe [2004-10-23 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = about:blank
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF - plugin: f:\program files\Reader\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.
- - - - ORPHANS REMOVED - - - -

AddRemove-2004 Backgammon Toolbar - c:\windows\2004_Backgammon_Toolbar_Uninstaller_3703.exe _?=c:\program files\2004 Backgammon Toolbar
AddRemove-BCM V.92 56K Modem - c:\windows\BCMSMU.exe quiet
AddRemove-CanonMyPrinter - c:\program files\Canon\MyPrinter\uninst.exe uninst.ini
AddRemove-CanonSolutionMenu - c:\program files\Canon\SolutionMenu\uninst.exe uninst.ini
AddRemove-HijackThis - H:\HijackThis.exe
AddRemove-UndeletePlus™_is1 - h:\undeleteplus\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-23 22:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
f:\program files\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3472)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\pctspk.exe
c:\windows\wanmpsvc.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-11-23 23:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-24 07:16

Pre-Run: 7,637,213,184 bytes free
Post-Run: 7,164,710,912 bytes free

- - End Of File - - B5B6D33FFF1FC66E3C4687C647F00B6C
Al Tenuta Dell 2400 Windows XP
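Two parts of the ComboFix log above are worth reading mechanically: the firewall exception list under `AuthorizedApplications\List` (the OTL fix in post #6 removed a LimeWire entry from exactly that key), and the service/driver lines, written as `R`/`S` (running/stopped) plus a start-type digit, then `name;display name;image path` and a `[date time size]` stamp. `S4 Dns_aked;Dns_aked; [x]` has no path and `[x]` instead of a stamp, which this example treats as "file not found"; it is the leftover the helper goes on to probe with SystemLook. The Python below is an added example, not ComboFix's or the helpers' code: it parses a constructed sample in that layout, reports dangling services, and diffs the firewall exceptions against an assumed baseline. The LimeWire line in the sample is constructed for illustration (it is not in the ComboFix log, having already been removed), and `BASELINE_EXCEPTIONS` is an assumption, not a Windows default.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in ComboFix's log layout. The service lines mirror entries
# in the log posted above; the LimeWire firewall entry is added for illustration.
SAMPLE_COMBOFIX = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [6/10/2008 8:45 PM 335240]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/4/2008 6:39 AM 297752]
S3 SASENUM;SASENUM;f:\program files\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S4 Dns_aked;Dns_aked; [x]
"""

# Assumed known-good exception list for this machine (not a Windows default).
BASELINE_EXCEPTIONS = [
    r"%windir%\system32\sessmgr.exe",
    r"c:\Program Files\Mozilla Firefox\firefox.exe",
]

# "R1 name;display;path [stamp]" - state letter, start-type digit, three
# semicolon-separated fields, then whatever sits inside the square brackets.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]*);(?P<display>[^;]*);"
    r"(?P<path>[^\[]*)\[(?P<stamp>[^\]]*)\]\s*$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    running: bool
    start_type: str
    file_found: bool  # False when the path is empty or the stamp is "[x]"


def parse_services(text: str) -> List[ServiceEntry]:
    """Parse every ComboFix service/driver line in the text."""
    out = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        stamp = m.group("stamp").strip()
        out.append(ServiceEntry(
            name=m.group("name").strip(),
            display=m.group("display").strip(),
            path=path,
            running=m.group("state") == "R",
            start_type=START_TYPES.get(m.group("start"), m.group("start")),
            file_found=bool(path) and stamp.lower() != "x",
        ))
    return out


def dangling_services(text: str) -> List[ServiceEntry]:
    """Services still registered although ComboFix found no file for them."""
    return [e for e in parse_services(text) if not e.file_found]


def firewall_exceptions(text: str) -> List[str]:
    """Paths listed under the AuthorizedApplications\\List key, unescaped."""
    paths, in_section = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("[") and s.lower().endswith("authorizedapplications\\list]"):
            in_section = True
            continue
        if in_section:
            m = re.match(r'^"(?P<path>.*)"=$', s)
            if not m:
                break  # first non-entry line ends the section
            paths.append(m.group("path").replace("\\\\", "\\"))
    return paths


def unexpected_firewall_exceptions(text: str, baseline: List[str]) -> List[str]:
    """Exceptions present in the log but absent from the baseline (case-insensitive)."""
    known = {p.lower() for p in baseline}
    return [p for p in firewall_exceptions(text) if p.lower() not in known]


if __name__ == "__main__":
    for e in dangling_services(SAMPLE_COMBOFIX):
        print(f"dangling service: {e.name} (start={e.start_type}, running={e.running})")
    for p in unexpected_firewall_exceptions(SAMPLE_COMBOFIX, BASELINE_EXCEPTIONS):
        print(f"firewall exception not in baseline: {p}")
```

On the sample this reports `Dns_aked` (disabled, not running, no file) and the LimeWire exception. Neither result is a verdict by itself: a dangling service is a registry leftover to confirm and remove, and an unexpected firewall exception is a reason to ask who added it, which is the same two-step the helper follows with SystemLook and the OTL `:Reg` fix.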

#10 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 24 November 2009 - 07:42 AM

Hi altenuta,

Combofix found a few leftovers.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield
  • Do not copy the word CODE , please note the script starts with the :
    :service
    Dns_aked
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt


We'll update the Java and do an online scan. Click your Start button and open Control Panel.
  • Locate the Java icon (it looks like a coffee cup)
  • double click it to open it
  • click the Update tab
  • Click update now

Next, clear the java cache

To clear the Java Plug-in cache:
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
  • On the General tab, Click Settings under Temporary Internet Files.
  • On the Temporary Files Settings screen, Click Delete Files.
  • check all boxes
  • Click OK



*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions.
  • You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Change the Files of type to Text file (.txt)
  • Set the Save In to Desktop
  • click the Save button.
  • Please post this log in your next reply.

Please post back with
  • SystemLook results
  • Kaspersky log
  • new OTL log taken last
Any remaining problems?

Thanks

After the java is updated, reboot your computer if not prompted to.

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.
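The reply above asks for a fresh OTL log so the helper can confirm that the leftovers ComboFix found are gone. Reading such a log is mostly pattern matching on OTL's own markers ("File not found", "No CLSID value found", "Reg Error: Key error") and on the publisher field OTL prints in trailing parentheses, which is empty "()" when it could read no version information from the file. The script below is an added example written for this page, not code from this thread or from OTL's author; the sample lines are copied from the OTL log posted in this thread, and the flag names (file_missing, clsid_missing, reg_key_error, no_publisher) are my own. A flag means "worth a second look", not "malicious": AVG's own toolbar DLL shows an empty publisher field in the same log.

```python
"""Triage helper for OTL-style log lines (added example, not part of the thread)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [BuildBU] c:\DELL\BLDBUBG.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = File not found
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
"""

# Every OTL entry starts with its section id ("O2", "O4", "O16", ...) followed by " - ".
LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# OTL prints the file's publisher in the last parenthesised group on the line.
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")

# Literal markers OTL itself emits for broken or dangling entries.
MARKERS = {
    "file_missing": "File not found",
    "clsid_missing": "No CLSID value found",
    "reg_key_error": "Reg Error: Key error",
}
# Sections where the trailing parentheses hold a file publisher rather than a description.
PUBLISHER_SECTIONS = {"O2", "O3", "O4"}


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def classify_line(line: str) -> list[Finding]:
    """Return the list of reasons (possibly empty) a single OTL line deserves a look."""
    line = line.strip()
    m = LINE_RE.match(line)
    if m is None:
        return []  # header, blank line, or non-OTL text
    section, body = m.group(1), m.group(2)
    findings = [Finding(section, reason, line)
                for reason, marker in MARKERS.items() if marker in body]
    # An empty "()" publisher means OTL found no version info in the binary.
    pub = PUBLISHER_RE.search(body)
    if section in PUBLISHER_SECTIONS and pub is not None and not pub.group(1).strip():
        findings.append(Finding(section, "no_publisher", line))
    return findings


def triage(log_text: str) -> list[Finding]:
    """Run classify_line over a whole log and flatten the results."""
    return [f for line in log_text.splitlines() for f in classify_line(line)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason, e.g. {"file_missing": 1, ...}."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the six sample lines the script flags four entries (the toolbar with no CLSID, the Dell startup entry with no publisher, the dangling LaunchU3 shortcut, and the orphaned Java DPF key) and leaves the hosts line and the AVG BHO alone. Flagged entries are the ones a helper would cross-check against the ComboFix and SystemLook output before deciding whether anything remains to remove.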



#11 oldman960

Posted 28 November 2009 - 10:13 PM

Hi Are you still with us? Thanks


#12 altenuta

altenuta

    New Member

  • Authentic Member
  • Pip
  • 11 posts

Posted 30 November 2009 - 09:53 PM

Sorry was away over the holiday. I am running your latest instructions. Al

#13 oldman960

Posted 30 November 2009 - 10:00 PM

Hi No problem. Post when the scan is finished.


#14 altenuta

Posted 02 December 2009 - 02:51 AM

Here are the OTL, SystemLook and Kaspersky logs.

OTL logfile created on: 11/22/2009 5:00:08 PM - Run 1
OTL by OldTimer - Version 3.1.6.0 Folder = C:\Documents and Settings\User.PEECEE\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 619.70 Mb Available Physical Memory | 60.64% Memory free
1.47 Gb Paging File | 1.05 Gb Available in Paging File | 71.54% Paging File free
Paging file location(s): F:\pagefile.sys 573 773 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.25 Gb Total Space | 2.34 Gb Free Space | 6.12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 456.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 14.92 Gb Total Space | 7.51 Gb Free Space | 50.32% Space Free | Partition Type: NTFS
Drive G: | 3.72 Gb Total Space | 1.42 Gb Free Space | 38.07% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEECEE
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\User.PEECEE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
PRC - C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
PRC - F:\Program Files\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
PRC - C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
PRC - C:\WINDOWS\SYSTEM32\pctspk.exe (PCtel, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\User.PEECEE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SYSTEM32\WBEM\framedyn.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (FontCache3.0.0.0) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (p2pgasvc) -- C:\WINDOWS\SYSTEM32\p2pgasvc.dll (Microsoft Corporation)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Iprip) -- C:\WINDOWS\SYSTEM32\iprip.dll (Microsoft Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe (America Online, Inc.)
SRV - (WANMiniportService) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)
SRV - (NwSapAgent) -- C:\WINDOWS\SYSTEM32\IPXSAP.DLL (Microsoft Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (Pctspk) -- C:\WINDOWS\SYSTEM32\pctspk.exe (PCtel, Inc.)


========== Driver Services (SafeList) ==========

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- F:\Program Files\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (SASKUTIL) -- F:\Program Files\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NwlnkIpx) -- C:\WINDOWS\SYSTEM32\DRIVERS\nwlnkipx.sys (Microsoft Corporation)
DRV - (usbaudio) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Secdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PAC7302) -- C:\WINDOWS\SYSTEM32\DRIVERS\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (SASENUM) -- F:\Program Files\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (MCSTRM) -- C:\WINDOWS\SYSTEM32\DRIVERS\mcstrm.sys (RealNetworks, Inc.)
DRV - (ialm) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (Afc) -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys (Arcsoft, Inc.)
DRV - (CoachAud) -- C:\WINDOWS\SYSTEM32\DRIVERS\CoachAud.sys (FotoNation Inc.)
DRV - (NTIDrvr) -- C:\WINDOWS\SYSTEM32\DRIVERS\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E}) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmkchw.sys (Intel Corporation)
DRV - (smwdm) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys (Analog Devices, Inc.)
DRV - (wanatw) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (sonypvs1) -- C:\WINDOWS\SYSTEM32\DRIVERS\sonypvs1.sys (Sony Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKNB.SYS (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPX.SYS (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.)
DRV - (DCamUSBSQTECH) -- C:\WINDOWS\SYSTEM32\DRIVERS\sqcaptur.sys (Service & Quality Technology.)
DRV - (aeaudio) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys (Andrea Electronics Corporation)
DRV - (NETMDUSB) -- C:\WINDOWS\SYSTEM32\DRIVERS\NETMDUSB.sys (Sony Corporation)
DRV - (SONYPVU1) -- C:\WINDOWS\SYSTEM32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (Vpctcom) -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys (PCtel, Inc.)
DRV - (Vvoice) -- C:\WINDOWS\System32\DRIVERS\vvoice.sys (PCtel, Inc.)
DRV - (Vmodem) -- C:\WINDOWS\System32\DRIVERS\vmodem.sys (PCTEL, INC.)
DRV - (Ptserlp) -- C:\WINDOWS\SYSTEM32\DRIVERS\ptserlp.sys (PCTEL, INC.)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 71 8C CC 7B 7F FB 0D C7 48 7E BE 12 BE E1 AD BE 28 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/11/03 06:39:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/10/05 17:56:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/14 18:54:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/11 05:36:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/06 17:36:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/06 17:36:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.14\Extensions\\Components: C:\Program Files\Mozilla Thunderbird\components\ [2007/12/22 09:05:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.14\Extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins\ [2009/05/20 18:41:10 | 00,000,000 | ---D | M]

[2008/06/20 20:02:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Extensions
[2008/06/20 20:02:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/22 14:20:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions
[2009/09/11 17:22:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/21 14:46:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2009/11/22 14:19:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/07/25 18:27:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}
[2009/11/01 08:55:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/07/21 14:45:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\ci0bplqa.Default User\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2005/01/07 17:51:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\qfpfppcb.default\extensions
[2004/12/21 21:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\qfpfppcb.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2005/01/07 17:51:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Mozilla\Firefox\Profiles\qfpfppcb.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/11/22 14:20:35 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 17:36:16 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/07 14:05:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/05/14 18:55:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/22 07:26:13 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/06 17:36:08 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/06 17:36:08 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2006/10/02 19:59:57 | 00,040,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2009/07/25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/06/01 15:51:16 | 00,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2004/12/22 08:08:32 | 00,110,592 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/11/06 17:36:11 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/12/18 04:18:30 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2007/06/08 10:59:45 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2006/03/30 20:18:23 | 00,106,496 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll
[2005/08/09 10:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
[2003/08/04 14:19:02 | 00,438,272 | ---- | M] (AOL Time Warner) -- C:\Program Files\Mozilla Firefox\plugins\npwinamp.dll
[2009/09/04 18:26:41 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/09/04 18:26:42 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/06/27 07:40:29 | 00,001,490 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/09/04 18:26:42 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/09/04 18:26:42 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/09/04 18:26:42 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/09/04 18:26:43 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/09/04 18:26:43 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-C0FF-FA7FB592BF30} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (2004 Backgammon Toolbar) - {6A04FF4A-AD9F-4FD4-8DA8-784E9C6271D2} - C:\Program Files\2004 Backgammon Toolbar\v2.0.0.2\2004_Backgammon_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] F:\Program Files\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [BuildBU] c:\DELL\BLDBUBG.EXE ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SYSTEM32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\SYSTEM32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [updateMgr] F:\Program Files\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = F:\Program Files\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LaunchU3.exe.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\SYSTEM32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} http://download.micr...0367/wmavax.CAB (Reg Error: Key error.)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zon...kr.cab31267.cab (Checkers Class)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zon...er.cab31267.cab (Minesweeper Flags Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} http://software-dl.r...ip/RdxIE601.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zon...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} http://www2.incredim...er/imloader.cab (IMDownloader Class)
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} http://messenger.zon...wn.cab31267.cab (Solitaire Showdown Class)
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} http://pdl.stream.ao.../ampx_en_dl.cab (IWinAmpActiveX Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.166.65.1 209.166.64.3
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - F:\Program Files\SASWINLO.DLL - F:\Program Files\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 06:59:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/09/26 16:00:06 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8fbf06ee-41ef-11de-ad80-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8fbf06ee-41ef-11de-ad80-00038a000015}\Shell\Explore\command - "" = autorun.exe
O33 - MountPoints2\{8fbf06ee-41ef-11de-ad80-00038a000015}\Shell\Open\command - "" = autorun.exe
O33 - MountPoints2\{fd07927b-de8f-11dc-a105-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{fd07927b-de8f-11dc-a105-00038a000015}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/22 11:04:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft Private Data
[2009/11/19 19:58:50 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User.PEECEE\Desktop\OTL.exe
[2009/11/16 20:12:55 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/16 18:03:01 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\User.PEECEE\Desktop\ATF_Cleaner.exe
[2009/10/30 19:38:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\User.PEECEE\My Documents\Recovery
[2009/10/30 16:36:47 | 00,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\User.PEECEE\My Documents\*.tmp files -> C:\Documents and Settings\User.PEECEE\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/22 16:57:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Upload Library.job
[2009/11/22 13:18:26 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/11/22 13:15:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/22 13:15:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/11/22 13:14:13 | 12,308,480 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\ntuser.dat
[2009/11/22 13:14:13 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\User.PEECEE\NTUSER.INI
[2009/11/22 11:09:59 | 00,434,754 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/11/22 11:09:59 | 00,068,274 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/11/22 11:03:42 | 45,565,874 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/22 11:03:42 | 00,098,480 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/21 14:17:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/11/19 19:58:51 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User.PEECEE\Desktop\OTL.exe
[2009/11/16 20:12:57 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\HijackThis.lnk
[2009/11/16 18:03:01 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\User.PEECEE\Desktop\ATF_Cleaner.exe
[2009/11/16 09:53:33 | 00,345,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/16 00:11:57 | 00,491,080 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/16 00:07:39 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/14 20:10:04 | 00,291,840 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\gmer.exe
[2009/11/10 20:33:20 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2009/11/06 18:19:28 | 00,036,201 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\aher kkkkk.jpg
[2009/11/06 18:15:34 | 00,003,157 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\14436_183253542848_716112848_2918908_5650630_s.jpg
[2009/11/06 18:12:57 | 00,036,054 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\14436_183253572848_716112848_2918909_6489739_n.jpg
[2009/11/06 17:39:01 | 00,062,666 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\photo.php
[2009/11/06 17:32:34 | 00,013,965 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\asher hat.rar
[2009/11/06 17:31:49 | 00,062,625 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Desktop\asher hat.php
[2009/11/05 14:40:52 | 00,102,488 | ---- | M] () -- C:\Documents and Settings\User.PEECEE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/05 09:36:22 | 26,768,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/04 20:26:19 | 00,001,876 | -H-- | M] () -- C:\Documents and Settings\User.PEECEE\My Documents\Default.rdp
[2009/10/30 16:36:47 | 00,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Documents and Settings\User.PEECEE\My Documents\*.tmp files -> C:\Documents and Settings\User.PEECEE\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/17 18:52:33 | 00,291,840 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\gmer.exe
[2009/11/16 20:12:57 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\HijackThis.lnk
[2009/11/06 18:19:26 | 00,036,201 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\aher kkkkk.jpg
[2009/11/06 18:14:50 | 00,003,157 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\14436_183253542848_716112848_2918908_5650630_s.jpg
[2009/11/06 18:12:56 | 00,036,054 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\14436_183253572848_716112848_2918909_6489739_n.jpg
[2009/11/06 17:38:56 | 00,062,666 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\photo.php
[2009/11/06 17:32:34 | 00,013,965 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\asher hat.rar
[2009/11/06 17:31:45 | 00,062,625 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Desktop\asher hat.php
[2009/11/01 16:55:55 | 12,308,480 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\ntuser.dat
[2009/10/30 16:36:48 | 00,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
[2009/10/30 16:36:47 | 00,001,561 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
[2009/09/07 13:26:41 | 00,000,322 | ---- | C] () -- C:\WINDOWS\System32\Remover.ini
[2007/12/22 11:59:11 | 00,001,427 | ---- | C] () -- C:\WINDOWS\System32\LXBRSET.INI
[2007/05/09 16:57:04 | 00,102,104 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\GDIPFONTCACHEV1.DAT
[2007/03/20 15:44:02 | 00,000,566 | ---- | C] () -- C:\WINDOWS\System32\SP7302.ini
[2007/03/09 18:54:25 | 00,000,006 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\dm.ini
[2007/03/09 18:54:23 | 00,001,559 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\AdobeDLM.log
[2007/02/10 16:28:17 | 00,000,262 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2006/08/01 10:48:57 | 01,958,898 | -H-- | C] () -- C:\Documents and Settings\User.PEECEE\Local Settings\Application Data\IconCache.db
[2006/06/29 13:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 13:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/06/26 10:08:05 | 00,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2006/04/29 11:08:52 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/18 14:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 14:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/02/19 21:38:08 | 00,000,156 | ---- | C] () -- C:\WINDOWS\ae_mini.INI
[2005/11/16 23:30:04 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9553p4now.sys
[2005/10/01 17:53:55 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6s.DLL
[2005/08/10 19:22:11 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\WavCodec.wff
[2005/08/09 14:12:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/11 06:31:43 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/06 20:58:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2005/05/16 19:14:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\stsaver.ini
[2005/05/15 20:33:46 | 00,000,377 | ---- | C] () -- C:\WINDOWS\MediaFace.INI
[2005/05/15 09:29:54 | 00,004,672 | ---- | C] () -- C:\WINDOWS\WINMEM32.DLL
[2005/04/16 09:04:15 | 00,000,359 | ---- | C] () -- C:\WINDOWS\farmmext.ini
[2005/03/26 09:28:51 | 00,000,192 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005/03/26 08:56:04 | 00,000,253 | ---- | C] () -- C:\WINDOWS\WSHORTEN.INI
[2005/03/03 18:02:52 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2005/03/03 18:02:52 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2005/03/03 18:02:52 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2005/03/03 18:02:51 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2005/03/02 17:57:45 | 00,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2005/03/02 17:30:55 | 00,000,107 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2005/03/02 16:21:36 | 03,423,744 | ---- | C] () -- C:\WINDOWS\System32\libfilefmt-1.1.0.dll
[2005/03/02 16:21:36 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\libavi-dd-1.2.0.dll
[2005/02/25 15:07:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/12/13 20:47:05 | 00,000,045 | ---- | C] () -- C:\WINDOWS\IEIEJNP.ini
[2004/12/03 16:00:08 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2004/10/29 15:21:12 | 00,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2004/10/29 15:17:25 | 00,000,783 | ---- | C] () -- C:\WINDOWS\NTIWVEDT.INI
[2004/10/29 14:55:18 | 00,000,117 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll
[2004/10/23 09:10:35 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/05 14:37:20 | 00,258,048 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2004/09/08 19:48:49 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2004/09/02 12:41:50 | 00,001,697 | ---- | C] () -- C:\WINDOWS\System32\sdusbpdr.ini
[2004/08/28 06:00:59 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\MPEGCreator.dll
[2004/08/11 03:41:08 | 00,270,336 | ---- | C] () -- C:\WINDOWS\System32\WMVCreator.dll
[2004/08/11 03:03:13 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\AVICreator.dll
[2004/08/01 17:36:44 | 00,001,034 | ---- | C] () -- C:\WINDOWS\netdet.ini
[2004/05/20 07:50:14 | 01,537,536 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-hi.dll
[2004/02/08 20:29:15 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/02/01 11:21:56 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2004/01/07 20:37:58 | 00,000,063 | ---- | C] () -- C:\WINDOWS\dgnet007.ini
[2004/01/03 21:37:50 | 00,005,133 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/01/03 16:06:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/12/07 19:48:31 | 00,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2003/12/04 22:01:10 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2003/12/04 21:56:52 | 00,001,609 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2003/12/04 21:56:52 | 00,000,032 | ---- | C] () -- C:\WINDOWS\album.ini
[2003/11/29 17:25:04 | 00,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2003/11/29 15:31:06 | 00,000,448 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/11/25 18:46:24 | 00,262,416 | ---- | C] () -- C:\WINDOWS\System32\Asfv2.dll
[2003/11/24 19:28:53 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\PFP110JPR.{PB
[2003/11/24 19:28:53 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\PFP110JCM.{PB
[2003/11/23 19:56:01 | 00,217,600 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/11/23 16:11:03 | 00,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/11/23 15:03:20 | 00,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2003/11/23 14:40:09 | 00,000,045 | ---- | C] () -- C:\WINDOWS\EPSC82.ini
[2003/11/23 13:47:16 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\User.PEECEE\Application Data\DESKTOP.INI
[2003/11/23 13:47:11 | 00,102,488 | ---- | C] () -- C:\Documents and Settings\User.PEECEE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2003/11/17 19:10:36 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/11/17 19:02:55 | 00,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2003/11/17 18:54:15 | 00,000,292 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/11/17 18:48:45 | 00,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/11/17 18:26:52 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/11/17 18:13:04 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/11/16 10:32:30 | 01,253,376 | ---- | C] () -- C:\WINDOWS\System32\mptiff.dll
[2003/08/07 11:01:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/07/30 19:29:08 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2003/04/21 00:00:00 | 01,036,800 | ---- | C] () -- C:\WINDOWS\System32\libmpeg-1.0.0.dll
[2003/04/21 00:00:00 | 00,987,136 | ---- | C] () -- C:\WINDOWS\System32\liboggvorbis-1.0.0.dll
[2003/04/21 00:00:00 | 00,696,832 | ---- | C] () -- C:\WINDOWS\System32\libmcl-2.8.0.dll
[2002/11/24 04:40:36 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\ac3encode.dll
[2002/09/03 06:59:58 | 00,001,151 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2002/09/03 06:50:58 | 00,000,256 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2002/09/03 06:50:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2001/12/26 15:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 22:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000/12/29 09:34:01 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll

========== LOP Check ==========

[2009/09/20 22:01:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2007/10/06 13:18:59 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2005/09/03 07:42:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2008/06/02 19:33:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Jes-Soft
[2003/12/21 01:23:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground Demo
[2005/09/18 18:30:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/02/10 12:34:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2003/11/17 18:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/02/05 17:10:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2005/09/24 18:18:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{ACABF24D-CBAE-4A6E-87E7-591BB9F42931}
[2005/09/24 18:17:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\~0
[2006/02/19 21:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Anvil Studio
[2009/05/29 12:52:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\AVGTOOLBAR
[2005/11/15 18:01:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Blumentals
[2004/08/01 17:38:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Cakewalk
[2009/04/28 17:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Canon
[2004/01/27 21:21:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Corel
[2007/10/08 17:37:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\FUJIFILM
[2007/07/01 12:57:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\InfraRecorder
[2008/11/30 18:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\iPod Copy Expert
[2003/11/23 18:58:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Leadertech
[2004/06/23 16:17:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\MX
[2005/11/10 15:10:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\NCH Swift Sound
[2008/11/23 08:49:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Netscape
[2005/01/16 17:54:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Nikon
[2007/11/29 21:52:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Nvu
[2005/09/18 10:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\ScanSoft
[2005/03/26 08:44:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Seven Zip
[2006/07/11 17:09:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User.PEECEE\Application Data\Thunderbird
[2002/08/29 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/11/22 16:57:00 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Upload Library.job
[2009/11/22 13:15:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2008/07/23 22:23:09 | 00,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\System Restore.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AD0EB3C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A2947BEA
< End of report >

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:48 on 30/11/2009 by User (Administrator - Elevation successful)

========== service ==========

Dns_aked
Dns_aked
(No Description)
Current Status: Stopped
Startup Type: Disabled
Error Control: Unable to Determine
Binary:
Group: SpoolerGroup
SafeBoot:
Dependencies:
(none)
Dependant Services:
(none)

-=End Of File=-

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, December 2, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, December 02, 2009 00:38:36
Records in database: 3320487
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
J:\

Scan statistics:
Objects scanned: 226564
Threats found: 28
Infected objects found: 37
Suspicious objects found: 5
Scan duration: 05:44:45


File name / Threat / Threats count
C:\Documents and Settings\User.PEECEE\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Program Files\Microsoft AntiSpyware\Quarantine\903A0E41-4380-42D7-99E3-C133FA\EE3A5433-DF20-46E9-8C88-7FF2E4 Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.da 1
C:\WINDOWS\SYSTEM32\cmd.ftp Infected: Trojan-Downloader.BAT.Ftp.cq 1
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\7ND3J9OW\wbk25.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\A5XUNEHO\nCaseInstaller[1].cab Infected: not-a-virus:AdWare.Win32.180Solutions 1
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\ERAVMT2R\popup[1].htm Infected: Trojan.JS.NoClose.a 1
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\I5GDG58D\pup[1].htm Infected: Trojan.JS.NoClose.c 1
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\KJ5FYENX\wbk36.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\Q9WNAP2H\iMeshV4[1].exe Infected: not-a-virus:AdWare.Win32.NewDotNet.d 1
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\VNHRFDO8\nCaseInstaller[1].cab Infected: not-a-virus:AdWare.Win32.180Solutions 1
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\VY0RJPS5\iMeshV4[1].exe Infected: not-a-virus:AdWare.Win32.NewDotNet.d 1
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\VY0RJPS5\wbk12.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\VY0RJPS5\wbkB.tmp Suspicious: Exploit.HTML.Iframe.FileDownload 1
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\VY0RJPS5\WeatherAutoCAST0010[1].cab Infected: not-a-virus:AdWare.Win32.SaveNow.bx 1
F:\Program Files\Common Files\CMEII\apps\DateManager\datemanager.zip Infected: not-a-virus:AdWare.Win32.Gator.2001 1
F:\Program Files\Common Files\CMEII\apps\DateManager\InstallDateManager.exe Infected: not-a-virus:AdWare.Win32.Gator.2001 1
F:\Program Files\Common Files\CMEII\apps\PrecisionTime\InstallPrecisionTime.exe Infected: not-a-virus:AdWare.Win32.Gator.2002 1
F:\Program Files\Common Files\CMEII\apps\PrecisionTime\precisiontime.zip Infected: not-a-virus:AdWare.Win32.Gator.2002 1
F:\Program Files\Common Files\CMEII\store\apps\datemanager.zip Infected: not-a-virus:AdWare.Win32.Gator.2001 1
F:\Program Files\Common Files\CMEII\store\apps\precisiontime.zip Infected: not-a-virus:AdWare.Win32.Gator.2002 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.Cydoor 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.Cydoor.c 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 5
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.WebHancer 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aa 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 2
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.35684 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.Altnet.a 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: Trojan.Win32.Genome.alet 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e 1
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe Infected: Trojan.Win32.Krepper.y 1

Selected area has been scanned.

Thanks,
Al
Al Tenuta Dell 2400 Windows XP

#15 oldman960

Posted 02 December 2009 - 08:33 PM

Hi altenuta,

OTL logfile created on: 11/22/2009 5:00:08 PM - Run 1

That's an old OTL log. We'll get a current one after this quick fix.

Not sure what sites you have been visiting but you seem to have picked up some adware and other junk in your Temporary Internet Files.

You have an infected email in the Deleted Items folder in Outlook Express. We can't use a tool or we will risk corrupting the account. Please empty the Deleted Items folder in all user accounts.

Next, double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Files
C:\WINDOWS\SYSTEM32\cmd.ftp 
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\7ND3J9OW\wbk25.tmp 
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\A5XUNEHO\nCaseInstaller[1].cab 
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\ERAVMT2R\popup[1].htm 
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\I5GDG58D\pup[1].htm
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\KJ5FYENX\wbk36.tmp 
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\Q9WNAP2H\iMeshV4[1].exe 
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\VNHRFDO8\nCaseInstaller[1].cab 
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\VY0RJPS5\iMeshV4[1].exe
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\VY0RJPS5\wbk12.tmp 
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\VY0RJPS5\wbkB.tmp 
F:\Documents and Settings\default\Local Settings\Temporary Internet Files\Content.IE5\VY0RJPS5\WeatherAutoCAST0010[1].cab 
F:\Program Files\Common Files\CMEII\apps\DateManager\datemanager.zip 
F:\Program Files\Common Files\CMEII\apps\PrecisionTime\InstallPrecisionTime.exe 
F:\Program Files\Common Files\CMEII\apps\PrecisionTime\precisiontime.zip
F:\Program Files\Common Files\CMEII\store\apps\datemanager.zip 
F:\Program Files\Common Files\CMEII\store\apps\precisiontime.zip 
F:\WINDOWS\desktop\KaZaA\My Shared Folder\kmd133_en.exe 

:Commands
[emptytemp]

Then click the Run Fix button at the top.

After fix, please save the log and post it in your next reply.


Next, run OTL with these settings.

  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Uncheck the boxes beside LOP Check and Purity Check.
  • In the Extra Registry section, change the setting to All
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please post back with
  • OTL fix log
  • Both new OTL logs

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.
