Jump to content

fjhdi

Members
  • Content Count

    42
  • Joined

  • Last visited

About fjhdi

  • Rank
    Member
  1. That panda thing is the program that you told me to dl a few messages back... Malwarebytes' Anti-Malware 1.34 Database version: 1756 Windows 5.1.2600 Service Pack 3 2/12/2009 9:09:08 PM mbam-log-2009-02-12 (21-09-08).txt Scan type: Quick Scan Objects scanned: 88927 Time elapsed: 6 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\Webtools (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: (No malicious items detected) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:27:25 PM, on 2/12/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18372) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE -- End of file - 5075 bytes I dled IE8 and its working again now.
  2. ComboFix 09-02-12.03 - Tim 2009-02-12 18:33:58.3 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.255.58 [GMT -5:00] Running from: c:\documents and settings\Tim.TIM-09CF61204FA\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Tim.TIM-09CF61204FA\Desktop\CFScript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Outdated) FW: Panda Antivirus Platinum 7 *disabled* * Created a new restore point FILE :: c:\program files\Clelycos\ace.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\Clelycos\ace.dll c:\program files\medialoads c:\program files\medialoads\medialoads\channels.ini c:\program files\medialoads\medialoads\media\channels\bikini\gui\bikpreview.wmv c:\program files\medialoads\medialoads\media\channels\bikini\gui\bottom.gif c:\program files\medialoads\medialoads\media\channels\bikini\gui\icon.gif c:\program files\medialoads\medialoads\media\channels\bikini\gui\icon_new.gif c:\program files\medialoads\medialoads\media\channels\bikini\gui\mid.gif c:\program files\medialoads\medialoads\media\channels\bikini\gui\preview.gif c:\program files\medialoads\medialoads\media\channels\bikini\gui\preview.html c:\program files\medialoads\medialoads\media\channels\bikini\gui\pv_bikini.html c:\program files\medialoads\medialoads\media\channels\bikini\gui\shim.gif c:\program files\medialoads\medialoads\media\channels\bikini\gui\title.gif c:\program files\medialoads\medialoads\media\channels\casino\gui\bottom.gif c:\program files\medialoads\medialoads\media\channels\casino\gui\casinopreview.wmv c:\program files\medialoads\medialoads\media\channels\casino\gui\icon.gif c:\program files\medialoads\medialoads\media\channels\casino\gui\icon_new.gif c:\program files\medialoads\medialoads\media\channels\casino\gui\mid.gif c:\program files\medialoads\medialoads\media\channels\casino\gui\preview.gif c:\program files\medialoads\medialoads\media\channels\casino\gui\preview.html c:\program files\medialoads\medialoads\media\channels\casino\gui\pv_casino.html c:\program files\medialoads\medialoads\media\channels\casino\gui\shim.gif c:\program files\medialoads\medialoads\media\channels\casino\gui\title.gif c:\program files\medialoads\medialoads\media\channels\celebs\gui\bottom.gif c:\program files\medialoads\medialoads\media\channels\celebs\gui\celebpreview.wmv c:\program files\medialoads\medialoads\media\channels\celebs\gui\icon.gif c:\program files\medialoads\medialoads\media\channels\celebs\gui\icon_new.gif c:\program files\medialoads\medialoads\media\channels\celebs\gui\mid.gif c:\program files\medialoads\medialoads\media\channels\celebs\gui\preview.gif c:\program files\medialoads\medialoads\media\channels\celebs\gui\preview.html c:\program files\medialoads\medialoads\media\channels\celebs\gui\pv_celebs.html c:\program files\medialoads\medialoads\media\channels\celebs\gui\shim.gif c:\program files\medialoads\medialoads\media\channels\celebs\gui\title.gif c:\program files\medialoads\medialoads\media\channels\comingsoon\gui\bottom.gif c:\program files\medialoads\medialoads\media\channels\comingsoon\gui\mid.gif c:\program files\medialoads\medialoads\media\channels\comingsoon\gui\preview.gif c:\program files\medialoads\medialoads\media\channels\comingsoon\gui\shim.gif c:\program files\medialoads\medialoads\media\channels\comingsoon\gui\title.gif c:\program files\medialoads\medialoads\media\channels\extreme\gui\bottom.gif c:\program files\medialoads\medialoads\media\channels\extreme\gui\extpreview.wmv c:\program files\medialoads\medialoads\media\channels\extreme\gui\icon.gif c:\program files\medialoads\medialoads\media\channels\extreme\gui\icon_new.gif c:\program files\medialoads\medialoads\media\channels\extreme\gui\mid.gif c:\program files\medialoads\medialoads\media\channels\extreme\gui\preview.gif c:\program files\medialoads\medialoads\media\channels\extreme\gui\preview.html c:\program files\medialoads\medialoads\media\channels\extreme\gui\pv_extreme.html c:\program files\medialoads\medialoads\media\channels\extreme\gui\shim.gif c:\program files\medialoads\medialoads\media\channels\extreme\gui\title.gif c:\program files\medialoads\medialoads\media\channels\files.html c:\program files\medialoads\medialoads\media\channels\groovy\gui\bottom.gif c:\program files\medialoads\medialoads\media\channels\groovy\gui\grvpreview.wmv c:\program files\medialoads\medialoads\media\channels\groovy\gui\icon.gif c:\program files\medialoads\medialoads\media\channels\groovy\gui\icon_new.gif c:\program files\medialoads\medialoads\media\channels\groovy\gui\mid.gif c:\program files\medialoads\medialoads\media\channels\groovy\gui\preview.gif c:\program files\medialoads\medialoads\media\channels\groovy\gui\preview.html c:\program files\medialoads\medialoads\media\channels\groovy\gui\pv_groovy.html c:\program files\medialoads\medialoads\media\channels\groovy\gui\shim.gif c:\program files\medialoads\medialoads\media\channels\groovy\gui\title.gif c:\program files\medialoads\medialoads\media\channels\newfile.gif c:\program files\medialoads\medialoads\media\channels\weird\gui\bottom.gif c:\program files\medialoads\medialoads\media\channels\weird\gui\icon.gif c:\program files\medialoads\medialoads\media\channels\weird\gui\icon_new.gif c:\program files\medialoads\medialoads\media\channels\weird\gui\mid.gif c:\program files\medialoads\medialoads\media\channels\weird\gui\preview.gif c:\program files\medialoads\medialoads\media\channels\weird\gui\preview.html c:\program files\medialoads\medialoads\media\channels\weird\gui\pv_weird.html c:\program files\medialoads\medialoads\media\channels\weird\gui\shim.gif c:\program files\medialoads\medialoads\media\channels\weird\gui\title.gif c:\program files\medialoads\medialoads\media\channels\weird\gui\wrdpreview.wmv c:\program files\medialoads\medialoads\media\channelstyles.css c:\program files\medialoads\medialoads\media\gui\main\about.html c:\program files\medialoads\medialoads\media\gui\main\channels.js c:\program files\medialoads\medialoads\media\gui\main\fpo_mid.gif c:\program files\medialoads\medialoads\media\gui\main\guistyles.css c:\program files\medialoads\medialoads\media\gui\main\help.html c:\program files\medialoads\medialoads\media\gui\main\launch.html c:\program files\medialoads\medialoads\media\gui\main\main.html c:\program files\medialoads\medialoads\media\gui\main\main_bottom.html c:\program files\medialoads\medialoads\media\gui\main\main_mid.html c:\program files\medialoads\medialoads\media\gui\main\main_top.html c:\program files\medialoads\medialoads\media\gui\main\mainbottom_bottom.gif c:\program files\medialoads\medialoads\media\gui\main\mainbottom_left.gif c:\program files\medialoads\medialoads\media\gui\main\mainbottom_right.gif c:\program files\medialoads\medialoads\media\gui\main\mainbottom_top.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_cat01.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_cat02.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_cat03.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_cat04.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_cat05.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_cat06.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_frame01.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_frame02.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_frame03.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_frame04.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_frame05.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_frame06.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_frame07.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_frame08.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_frame09.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_frame10.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_frame11.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_nav2_bottom.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_nav2_mid1.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_nav2_mid2.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_nav2_mid3.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_nav2_subscribe.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_nav2_subscribe_f2.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_nav2_subscribe_waiting.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_nav2_top.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_nav2_viewer.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_nav2_viewer_f2.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_nav2_viewer_waiting.gif c:\program files\medialoads\medialoads\media\gui\main\mainmid_title.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_bottom.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_centerbar.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_nav_about.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_nav_about_f2.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_nav_center.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_nav_close.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_nav_close_f2.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_nav_help.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_nav_help_f2.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_nav_options.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_nav_options_f2.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_nav_rt.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_navlft.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_readout.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_rtmid.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_title.gif c:\program files\medialoads\medialoads\media\gui\main\maintop_top.gif c:\program files\medialoads\medialoads\media\gui\main\nobanner.gif c:\program files\medialoads\medialoads\media\gui\main\scroller.swf c:\program files\medialoads\medialoads\media\gui\main\shim.gif c:\program files\medialoads\medialoads\media\gui\main\subscribe.gif c:\program files\medialoads\medialoads\media\gui\main\support\about_r2_c2.gif c:\program files\medialoads\medialoads\media\gui\main\support\about_r2_c2_f2.gif c:\program files\medialoads\medialoads\media\gui\main\support\aboutHdr.gif c:\program files\medialoads\medialoads\media\gui\main\support\aboutheader.html c:\program files\medialoads\medialoads\media\gui\main\support\abouttitle.gif c:\program files\medialoads\medialoads\media\gui\main\support\header.html c:\program files\medialoads\medialoads\media\gui\main\support\help01.gif c:\program files\medialoads\medialoads\media\gui\main\support\help02.gif c:\program files\medialoads\medialoads\media\gui\main\support\help03.gif c:\program files\medialoads\medialoads\media\gui\main\support\help04.gif c:\program files\medialoads\medialoads\media\gui\main\support\help05.gif c:\program files\medialoads\medialoads\media\gui\main\support\helpbody.html c:\program files\medialoads\medialoads\media\gui\main\support\helpheader.html c:\program files\medialoads\medialoads\media\gui\main\support\helptitle.gif c:\program files\medialoads\medialoads\media\gui\main\support\previewheader.htm c:\program files\medialoads\medialoads\media\gui\main\support\previewname.gif c:\program files\medialoads\medialoads\media\gui\main\support\previewtop.gif c:\program files\medialoads\medialoads\media\gui\main\support\pvclose.gif c:\program files\medialoads\medialoads\media\gui\main\support\pvclose_f2.gif c:\program files\medialoads\medialoads\media\gui\main\support\pvrtclose.gif c:\program files\medialoads\medialoads\media\gui\main\support\pvunderclose.gif c:\program files\medialoads\medialoads\media\gui\main\support\rtclose.gif c:\program files\medialoads\medialoads\media\gui\main\support\shim.gif c:\program files\medialoads\medialoads\media\gui\main\support\supportbody.html c:\program files\medialoads\medialoads\media\gui\main\support\underclose.gif c:\program files\medialoads\medialoads\media\gui\player\f1_1.gif c:\program files\medialoads\medialoads\media\gui\player\f1_1.html c:\program files\medialoads\medialoads\media\gui\player\f1_2a.gif c:\program files\medialoads\medialoads\media\gui\player\f1_2a.html c:\program files\medialoads\medialoads\media\gui\player\f1_2b_categories.html c:\program files\medialoads\medialoads\media\gui\player\f1_3.gif c:\program files\medialoads\medialoads\media\gui\player\f1_3.html c:\program files\medialoads\medialoads\media\gui\player\f2.gif c:\program files\medialoads\medialoads\media\gui\player\f2.html c:\program files\medialoads\medialoads\media\gui\player\f3_1.gif c:\program files\medialoads\medialoads\media\gui\player\f3_1.html c:\program files\medialoads\medialoads\media\gui\player\f3_2a_player.html c:\program files\medialoads\medialoads\media\gui\player\f3_2b.gif c:\program files\medialoads\medialoads\media\gui\player\f3_2b.html c:\program files\medialoads\medialoads\media\gui\player\f3_3.gif c:\program files\medialoads\medialoads\media\gui\player\f3_3.html c:\program files\medialoads\medialoads\media\gui\player\f3_4a_files.html c:\program files\medialoads\medialoads\media\gui\player\f3_4b.gif c:\program files\medialoads\medialoads\media\gui\player\f3_4b.html c:\program files\medialoads\medialoads\media\gui\player\f3_5.gif c:\program files\medialoads\medialoads\media\gui\player\f3_5.html c:\program files\medialoads\medialoads\media\gui\player\files_frame.gif c:\program files\medialoads\medialoads\media\gui\player\filestyles.css c:\program files\medialoads\medialoads\media\gui\player\maintop_bottom.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_centerbar.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_nav_about.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_nav_about_f2.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_nav_center.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_nav_center_f2.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_nav_close.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_nav_close_f2.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_nav_help.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_nav_help_f2.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_nav_options.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_nav_options_f2.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_nav_rt.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_navlft.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_readout.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_rtmid.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_split.htm c:\program files\medialoads\medialoads\media\gui\player\maintop_title.gif c:\program files\medialoads\medialoads\media\gui\player\maintop_top.gif c:\program files\medialoads\medialoads\media\gui\player\no_files.html c:\program files\medialoads\medialoads\media\gui\player\player.html c:\program files\medialoads\medialoads\media\gui\player\player_top.html c:\program files\medialoads\medialoads\media\gui\player\playerslices.htm c:\program files\medialoads\medialoads\media\gui\player\playerslices_r2_c4.gif c:\program files\medialoads\medialoads\media\gui\player\playerslices_r3_c2.gif c:\program files\medialoads\medialoads\media\gui\player\playerstyles.css c:\program files\medialoads\medialoads\media\gui\player\scroller.swf c:\program files\medialoads\medialoads\media\gui\player\shim.gif c:\program files\medialoads\user.ini c:\program files\medialoads\v1\ML.exe c:\windows\system32\fleok . ((((((((((((((((((((((((( Files Created from 2009-01-12 to 2009-02-12 ))))))))))))))))))))))))))))))) . 2009-02-11 17:24 . 2009-02-11 17:24 <DIR> d-------- c:\program files\Panda Security 2009-02-11 17:24 . 2008-06-19 16:24 28,544 --a------ c:\windows\SYSTEM32\DRIVERS\pavboot.sys 2009-02-01 09:27 . 2009-02-01 09:27 10,520 --a------ c:\windows\SYSTEM32\avgrsstx.dll 2009-02-01 02:12 . 2007-08-01 22:47 102,664 --a------ c:\windows\SYSTEM32\DRIVERS\tmcomm.sys 2009-02-01 01:55 . 2009-02-01 01:55 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll 2009-02-01 01:46 . 2009-02-01 01:46 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Freedom 2009-01-31 23:32 . 2009-01-31 23:32 <DIR> d-------- c:\windows\SYSTEM32\XPSViewer 2009-01-31 23:32 . 2009-01-31 23:32 <DIR> d-------- c:\program files\MSBuild 2009-01-31 23:31 . 2009-01-31 23:31 <DIR> d-------- c:\program files\Reference Assemblies 2009-01-31 23:30 . 2009-01-31 23:31 <DIR> d-------- C:\00e5932de90e9ce9f9 2009-01-31 23:30 . 2008-07-06 07:06 1,676,288 --------- c:\windows\SYSTEM32\xpssvcs.dll 2009-01-31 23:30 . 2008-07-06 07:06 1,676,288 -----c--- c:\windows\SYSTEM32\DLLCACHE\xpssvcs.dll 2009-01-31 23:30 . 2008-07-06 05:50 597,504 -----c--- c:\windows\SYSTEM32\DLLCACHE\printfilterpipelinesvc.exe 2009-01-31 23:30 . 2008-07-06 07:06 575,488 --------- c:\windows\SYSTEM32\xpsshhdr.dll 2009-01-31 23:30 . 2008-07-06 07:06 575,488 -----c--- c:\windows\SYSTEM32\DLLCACHE\xpsshhdr.dll 2009-01-31 23:30 . 2008-07-06 07:06 117,760 --------- c:\windows\SYSTEM32\prntvpt.dll 2009-01-31 23:30 . 2008-07-06 07:06 89,088 -----c--- c:\windows\SYSTEM32\DLLCACHE\filterpipelineprintproc.dll 2009-01-31 16:10 . 2009-02-05 14:43 <DIR> d-------- c:\program files\RegCure 2009-01-29 10:18 . 2009-01-29 10:18 <DIR> d-------- c:\program files\Radialpoint 2009-01-29 10:18 . 2009-01-29 10:19 <DIR> d-------- c:\program files\Common Files\PestPatrol 2009-01-29 10:18 . 2009-02-01 01:47 <DIR> d-------- c:\program files\Common Files\Command Software 2009-01-29 10:18 . 2009-01-29 10:18 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Motive 2009-01-29 10:17 . 2009-01-29 10:17 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Radialpoint 2009-01-29 10:17 . 2005-07-12 01:28 69,632 --a------ c:\windows\SYSTEM32\MCCDevice.dll 2009-01-29 10:17 . 2005-07-12 01:28 6,048 --a------ c:\windows\SYSTEM32\MCC16.dll 2009-01-29 10:16 . 2009-01-29 10:18 <DIR> d-------- c:\program files\Common Files\Motive 2009-01-29 10:16 . 2009-01-29 10:19 24,269,620 --a------ C:\BellSouthIW.reg 2009-01-29 10:16 . 2002-02-13 20:53 6,345 -ra------ c:\windows\SYSTEM32\DevMngr.vxd 2009-01-29 09:42 . 2009-01-29 09:55 <DIR> d-------- c:\program files\Linksys Wireless-G USB Wireless Network Monitor 2009-01-29 09:39 . 2009-01-29 09:40 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\WinZip 2009-01-29 09:34 . 2009-01-29 09:34 <DIR> d-------- C:\Linksys Driver 2009-01-28 18:00 . 2009-01-29 09:54 <DIR> d-------- c:\documents and settings\Administrator.TIM 2009-01-28 15:46 . 2009-01-29 15:31 445,696 --a------ c:\windows\SYSTEM32\DRIVERS\rt73.sys 2009-01-25 15:07 . 2009-01-25 15:07 <DIR> d-------- c:\documents and settings\Tim.TIM-09CF61204FA\Application Data\Red Kawa 2009-01-13 11:03 . 2009-01-13 11:03 <DIR> d-------- c:\program files\Red Kawa 2009-01-13 11:03 . 2009-01-13 11:03 <DIR> d-------- c:\program files\AviSynth 2.5 2009-01-13 10:24 . 2009-01-13 10:24 <DIR> d-------- C:\OpenCandy 2009-01-12 14:59 . 2009-01-12 14:59 <DIR> d-------- c:\program files\iPod 2009-01-12 14:58 . 2009-01-12 15:00 <DIR> d-------- c:\program files\iTunes 2009-01-12 14:58 . 2009-01-12 15:00 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2009-01-12 14:48 . 2009-01-12 14:51 <DIR> d-------- c:\program files\QuickTime 2009-01-12 11:26 . 2008-04-13 20:12 159,232 --a------ c:\windows\SYSTEM32\ptpusd.dll 2009-01-12 11:26 . 2008-04-13 14:45 15,104 --a------ c:\windows\SYSTEM32\DRIVERS\usbscan.sys 2009-01-12 11:26 . 2008-04-13 14:45 15,104 --a--c--- c:\windows\SYSTEM32\DLLCACHE\usbscan.sys 2009-01-12 11:26 . 2001-08-17 22:36 5,632 --a------ c:\windows\SYSTEM32\ptpusb.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-02-12 23:34 --------- d-----w c:\program files\Clelycos 2009-02-11 13:01 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint 2009-02-11 01:08 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\avg8 2009-02-10 03:19 --------- d-----w c:\documents and settings\Tim.TIM-09CF61204FA\Application Data\ArcSoft 2009-02-10 03:19 --------- d-----w c:\documents and settings\Tim.TIM-09CF61204FA\Application Data\AdobeUM 2009-02-10 03:19 --------- d-----w c:\documents and settings\Tim.TIM-09CF61204FA\Application Data\AdobeAUM 2009-02-10 03:19 --------- d-----w c:\documents and settings\Tim.TIM-09CF61204FA\Application Data\acccore 2009-02-01 14:27 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys 2009-02-01 06:54 --------- d-----w c:\program files\Java 2009-01-29 15:19 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-13 15:50 --------- d-----w c:\program files\BitComet 2009-01-12 23:15 --------- d-----w c:\documents and settings\Tim.TIM-09CF61204FA\Application Data\Apple Computer 2009-01-12 19:59 --------- d-----w c:\program files\Common Files\Apple 2008-12-15 00:05 --------- d-----w c:\program files\AIM6 2008-12-15 00:03 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\acccore 2005-04-03 18:21 66,048 -c--a-w c:\documents and settings\Tim\Application Data\GDIPFONTCACHEV1.DAT 2005-03-21 03:32 3,272,512 -c--a-w c:\program files\BSLITEINSTALL.exe 2004-03-13 03:54 784 -c--a-w c:\documents and settings\Tim\Application Data\mpauth.dat 2008-08-30 19:15 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008083020080831\index.dat . ((((((((((((((((((((((((((((( SnapShot_2009-02-12_18.08.12.70 ))))))))))))))))))))))))))))))))))))))))) . + 2009-02-12 23:29:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_164.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-01 136600] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-02-01 09:27 10520 c:\windows\SYSTEM32\avgrsstx.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Monitor.lnk] path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Monitor.lnk backup=c:\windows\pss\Monitor.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6] --a------ 2008-10-31 14:22 50480 c:\program files\AIM6\aim6.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY] --a------ 2009-02-01 09:27 1601304 c:\progra~1\AVG\AVG8\avgtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2008-04-13 19:12 15360 c:\windows\SYSTEM32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE] --a------ 2006-10-15 21:34 958464 c:\program files\Browser Mouse\MOffice.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] --a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot] --a------ 2006-01-19 10:06 11776 c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-11-04 10:30 413696 c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sealmon] --a------ 2006-12-19 14:27 291984 c:\program files\SealedMedia\sealmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "%windir%\\system32\\drivers\\svchost.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "16641:TCP"= 16641:TCP:BitComet 16641 TCP "16641:UDP"= 16641:UDP:BitComet 16641 UDP R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [2009-02-11 28544] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [2008-08-25 325128] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-01 298264] S3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys --> c:\windows\system32\drivers\fixustor.sys [?] --- Other Services/Drivers In Memory --- *NewlyCreated* - PAVBOOT [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - f:\wd_windows_tools\WDEULA.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd716fb3-71fc-11dd-ab34-00173fcddafa}] \Shell\AutoRun\command - f:\wd_windows_tools\WDEULA.exe . Contents of the 'Scheduled Tasks' folder 2009-02-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2009-02-12 c:\windows\Tasks\RegCure Program Check.job - c:\program files\RegCure\RegCure.exe [2008-12-29 12:58] 2009-02-12 c:\windows\Tasks\RegCure.job - c:\program files\RegCure\RegCure.exe [2008-12-29 12:58] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uStart Page = about:blank uInternet Settings,ProxyOverride = *.local IE: { - c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} - hxxps://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB FF - ProfilePath - c:\documents and settings\Tim.TIM-09CF61204FA\Application Data\Mozilla\Firefox\Profiles\v9qv1qs5.default\ FF - prefs.js: browser.search.selectedEngine - Search FF - prefs.js: browser.startup.homepage - about:blank FF - prefs.js: keyword.URL - chrome://google-gzfb-partner/locale/partner.properties FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-02-12 18:42:07 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-02-12 18:48:36 ComboFix-quarantined-files.txt 2009-02-12 23:47:24 ComboFix2.txt 2009-02-12 23:10:22 ComboFix3.txt 2009-02-11 00:58:53 Pre-Run: 8,170,872,832 bytes free Post-Run: 8,158,896,128 bytes free 416 --- E O F --- 2009-02-11 20:10:22 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:54:23 PM, on 2/12/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE -- End of file - 5017 bytes The comp is actually working worse now. My IE stopped working for some reason and I can only browse while on firefox. other than that, everything seems to be working ok
  3. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:35:36 AM, on 2/12/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE -- End of file - 5333 bytes ;*********************************************************************************************************************************************************************************** ANALYSIS: 2009-02-12 06:34:24 PROTECTIONS: 1 MALWARE: 12 SUSPECTS: 1 ;*********************************************************************************************************************************************************************************** PROTECTIONS Description Version Active Updated ;=================================================================================================================================================================================== AVG Anti-Virus Free 8.0 No Yes ;=================================================================================================================================================================================== MALWARE Id Description Type Active Severity Disinfectable Disinfected Location ;=================================================================================================================================================================================== 00020302 adware/ncase Adware No 0 Yes No c:\windows\system32\fleok 00040471 adware/downloadware Adware No 0 Yes No c:\program files\medialoads 00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Tim.TIM-09CF61204FA\Cookies\[email protected][1].txt 00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Tim.TIM-09CF61204FA\Cookies\[email protected][2].txt 00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Tim.TIM-09CF61204FA\Cookies\[email protected][1].txt 00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Tim.TIM-09CF61204FA\Cookies\[email protected][2].txt 00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Tim.TIM-09CF61204FA\Cookies\[email protected][1].txt 00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Tim.TIM-09CF61204FA\Cookies\[email protected][1].txt 00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Tim.TIM-09CF61204FA\Cookies\[email protected][1].txt 00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Tim.TIM-09CF61204FA\Cookies\[email protected][1].txt 00169752 application/need2find HackTools No 0 Yes No hkey_current_user\software\need2find 00294807 Spyware/Apropos Spyware No 1 Yes No C:\Program Files\Clelycos\ace.dll ;=================================================================================================================================================================================== SUSPECTS Sent Location S ;=================================================================================================================================================================================== No C:\Documents and Settings\Tim.TIM-09CF61204FA\Desktop\ComboFix.exe S ;=================================================================================================================================================================================== VULNERABILITIES Id Severity Description S ;=================================================================================================================================================================================== ;=================================================================================================================================================================================== Well I dont think that I was able to disinfect the things that the panda search found on my comp bc it said that that was only available in the paid version. Overall my comp is working much better and the pop up thing that I had telling me about some virus hasn't popped up in a few days. Thanks again
  4. hey, Only Viewpoint Media Player was on my comp and I went ahead and removed it. I also removed all the poker files that I could find. I found this file for the combofix, I hope it's the right one: 2005-11-06 23:45:01 AC------ 460 C:\Qoobox\Quarantine\C\Program Files\Quick Links\Uninst.log.vir 2006-09-25 21:14:31 AC------ 1,024 C:\Qoobox\Quarantine\C\Program Files\Need2Find\bar\History\search.vir 2008-11-15 19:46:28 A------- 12 C:\Qoobox\Quarantine\C\WINDOWS\wiaserviv.log.vir 2008-11-15 19:46:30 A------- 32,081 C:\Qoobox\Quarantine\C\Program Files\iCheck\Uninstall.exe.vir 2008-11-15 19:46:44 A------- 4,095 C:\Qoobox\Quarantine\C\Documents and Settings\Tim.TIM-09CF61204FA\Local Settings\Temporary Internet Files\fbk.sts.vir 2008-11-16 20:08:11 A------- 63,231 C:\Qoobox\Quarantine\C\Documents and Settings\Tim.TIM-09CF61204FA\Application Data\SpeedRunner\config.cfg.vir 2009-02-09 22:16:14 A------- 123,392 C:\Qoobox\Quarantine\C\Documents and Settings\Tim.TIM-09CF61204FA\Application Data\Google\ckzty22913935.exe.vir 2009-02-09 22:23:47 A------- 66,048 C:\Qoobox\Quarantine\C\Documents and Settings\Tim.TIM-09CF61204FA\Application Data\Google\msnkpl32.dll.vir 2009-02-10 19:30:01 A------- 58 C:\Qoobox\Quarantine\catchme.log 2009-02-10 19:47:28 A------- 12,870 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg 2009-02-10 19:56:04 A------- 126 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-UMonit.reg.dat 2009-02-10 19:56:04 A------- 194 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-realtecks.reg.dat 2009-02-10 19:56:16 A------- 590 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Warez.reg.dat 2009-02-10 19:56:16 A------- 612 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-GetModule27.reg.dat 2009-02-10 19:56:16 A------- 702 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-Adobe Photo Downloader.reg.dat 2009-02-10 19:56:16 A------- 704 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SpeedRunner.reg.dat Thanks
  5. here is the HJT log. when I ran the combofix, it went for a while and then the log came up but the taskbar at the bottom was gone and there were no icons on the desktop. I couldn't do anything so I ended up just restarting the comp and now I cant find the log. I dont know if it is saved somewhere or if I should run it again. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:45:49 AM, on 2/11/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 5800 bytes
  6. I have just run a AVG scan and it only found 2 viruses that I have removed. Here is my HJT log, thanks. Logfile of HijackThis v1.99.1 Scan saved at 7:05:37 AM, on 2/10/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\DOCUME~1\TIM~1.TIM\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [uMonit] C:\WINDOWS\system32\umonit.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O9 - Extra button: (no name) - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  7. JavaRa 1.11 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Sat Sep 13 14:21:20 2008 Found and removed: C:\Program Files\Java\j2re1.4.0_01 Found and removed: C:\Program Files\Java\j2re1.4.0_03 Found and removed: C:\Program Files\Java\jre1.5.0_05 Found and removed: C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64 Found and removed: C:\Program Files\Java Web Start Found and removed: Software\JavaSoft\Java2D\1.5.0_05 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510005 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510005 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510005 Found and removed: SOFTWARE\Classes\JavaPlugin.150_05 Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_05 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_05 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150050} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Classes\JavaPlugin.160_05 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050} Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_05 Found and removed: Software\Classes\JavaPlugin.160_05 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_05\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core1.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core2.zip Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\core3.zip Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05 Found and removed: Software\JavaSoft\Java2D\1.6.0_05 Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} ------------------------------------ Finished reporting.
  8. no really too much. its still running kinda slow, but that may be bc its old.
  9. here you go: < HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{254B87BB-510D-41FA-A887-52C5FA9BE585} > Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{254B87BB-510D-41FA-A887-52C5FA9BE585} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254B87BB-510D-41FA-A887-52C5FA9BE585}\ not found. < HKEY_CLASSES_ROOT\clsid\\{254B87BB-510D-41FA-A887-52C5FA9BE585} > Registry value HKEY_CLASSES_ROOT\clsid\\{254B87BB-510D-41FA-A887-52C5FA9BE585} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254B87BB-510D-41FA-A887-52C5FA9BE585}\ not found. < HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} > Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found. < HKEY_CLASSES_ROOT\clsid\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} > Registry value HKEY_CLASSES_ROOT\clsid\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found. < HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} > Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\ not found. < HKEY_CLASSES_ROOT\clsid\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} > Registry value HKEY_CLASSES_ROOT\clsid\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\ not found. < HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{254B87BB-510D-41FA-A887-52C5FA9BE585} > Registry value HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{254B87BB-510D-41FA-A887-52C5FA9BE585} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{254B87BB-510D-41FA-A887-52C5FA9BE585}\ not found. < HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} > Registry value HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4982D40A-C53B-4615-B15B-B5B5E98D167C} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\ not found. < HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} > Registry value HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\ not found. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09072008_145952 Logfile of random's system information tool (written by random/random) Run by Tim at 2008-09-07 15:32:33 Microsoft Windows XP Home Edition Service Pack 3 System drive C: has 7 GB (17%) free of 38 GB Total RAM: 255 MB (42% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:34:06 PM, on 9/7/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\Program Files\SealedMedia\sealmon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\AVG\AVG8\avgscanx.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Tim.TIM-09CF61204FA\Desktop\RSIT.exe C:\WINDOWS\system32\ssstars.scr C:\Program Files\trend micro\Tim.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\MOffice.exe O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe O4 - HKLM\..\Run: [uMonit] C:\WINDOWS\system32\umonit.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE -- End of file - 6767 bytes Scheduled tasks folder C:\WINDOWS\tasks\AppleSoftwareUpdate.job Registry dump [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-25 2055960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-25 2055960] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] "MimBoot"=C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [2006-01-19 11776] "Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [] "FLMOFFICE4DMOUSE"=C:\Program Files\Browser Mouse\MOffice.exe [2006-10-15 958464] "sealmon"=C:\Program Files\SealedMedia\sealmon.exe [2006-12-19 291984] "UMonit"=C:\WINDOWS\system32\umonit.exe [] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-30 1235736] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] "Warez"=C:\Program Files\Warez\Warez.exe /minimized [] "Aim6"=C:\Program Files\AIM6\aim6.exe [2008-01-03 50528] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Monitor.lnk - C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\SYSTEM32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll schannel.dll digest.dll msnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader" "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL" "C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon" "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe"="C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed" "C:\Program Files\Common Files\AOL\1148950053\EE\AOLServiceHost.exe"="C:\Program Files\Common Files\AOL\1148950053\EE\AOLServiceHost.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe"="C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL" "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe"="C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL" "C:\Program Files\Kazaa\kazaa.exe"="C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Warez\Warez.exe"="C:\Program Files\Warez\Warez.exe:*:Enabled:Warez3" "C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] shell\AutoRun\command - D:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] shell\AutoRun\command - F:\wd_windows_tools\WDEULA.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96a6ae37-d90f-11da-8ba1-806d6172696f}] shell\AutoRun\command - D:\SetupWizard.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd716fb3-71fc-11dd-ab34-00173fcddafa}] shell\AutoRun\command - F:\wd_windows_tools\WDEULA.exe List of files/folders created in the last three months 2008-09-07 15:00:31 ----D---- C:\rsit 2008-09-05 20:27:41 ----D---- C:\_OTMoveIt 2008-08-30 15:15:45 ----D---- C:\WINDOWS\Prefetch 2008-08-30 15:05:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-08-29 19:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-08-29 19:01:28 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-08-29 18:59:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-08-29 18:58:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-08-29 18:56:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-08-29 18:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$ 2008-08-29 18:52:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-08-29 18:51:10 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-08-29 18:48:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-08-29 18:46:00 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-08-29 18:44:44 ----D---- C:\WINDOWS\LastGood.Tmp 2008-08-29 18:33:37 ----D---- C:\WINDOWS\system32\scripting 2008-08-29 18:33:35 ----D---- C:\WINDOWS\l2schemas 2008-08-29 18:33:32 ----D---- C:\WINDOWS\system32\en 2008-08-29 18:26:27 ----D---- C:\WINDOWS\ServicePackFiles 2008-08-29 18:12:01 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-08-29 18:03:24 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2008-08-29 18:03:18 ----D---- C:\WINDOWS\EHome 2008-08-29 17:56:34 ----D---- C:\Program Files\iPod 2008-08-29 17:56:11 ----D---- C:\Program Files\iTunes 2008-08-29 17:46:58 ----D---- C:\Program Files\Common Files\Apple 2008-08-29 17:42:16 ----D---- C:\Program Files\Safari 2008-08-26 01:25:37 ----N---- C:\WINDOWS\system32\wmphoto.dll 2008-08-26 01:25:29 ----N---- C:\WINDOWS\system32\wlanapi.dll 2008-08-26 01:25:27 ----N---- C:\WINDOWS\system32\windowscodecsext.dll 2008-08-26 01:25:27 ----N---- C:\WINDOWS\system32\windowscodecs.dll 2008-08-26 01:24:57 ----N---- C:\WINDOWS\system32\tspkg.dll 2008-08-26 01:24:56 ----N---- C:\WINDOWS\system32\tsgqec.dll 2008-08-26 01:24:42 ----N---- C:\WINDOWS\system32\spupdwxp.exe 2008-08-26 01:24:41 ----A---- C:\WINDOWS\system32\spdwnwxp.exe 2008-08-26 01:24:36 ----N---- C:\WINDOWS\system32\slserv.exe 2008-08-26 01:24:36 ----N---- C:\WINDOWS\system32\slrundll.exe 2008-08-26 01:24:36 ----N---- C:\WINDOWS\slrundll.exe 2008-08-26 01:24:35 ----N---- C:\WINDOWS\system32\slgen.dll 2008-08-26 01:24:35 ----N---- C:\WINDOWS\system32\slextspk.dll 2008-08-26 01:24:34 ----N---- C:\WINDOWS\system32\slcoinst.dll 2008-08-26 01:24:25 ----N---- C:\WINDOWS\system32\setupn.exe 2008-08-26 01:24:21 ----N---- C:\WINDOWS\system32\s3gnb.dll 2008-08-26 01:24:19 ----N---- C:\WINDOWS\system32\rhttpaa.dll 2008-08-26 01:24:17 ----N---- C:\WINDOWS\system32\rasqec.dll 2008-08-26 01:24:14 ----N---- C:\WINDOWS\system32\qutil.dll 2008-08-26 01:24:13 ----N---- C:\WINDOWS\system32\qcliprov.dll 2008-08-26 01:24:13 ----N---- C:\WINDOWS\system32\qagentrt.dll 2008-08-26 01:24:13 ----N---- C:\WINDOWS\system32\qagent.dll 2008-08-26 01:24:10 ----N---- C:\WINDOWS\system32\photometadatahandler.dll 2008-08-26 01:24:05 ----N---- C:\WINDOWS\system32\onex.dll 2008-08-26 01:23:59 ----N---- C:\WINDOWS\system32\nv4_disp.dll 2008-08-26 01:23:48 ----N---- C:\WINDOWS\system32\napstat.exe 2008-08-26 01:23:48 ----N---- C:\WINDOWS\system32\napmontr.dll 2008-08-26 01:23:48 ----N---- C:\WINDOWS\system32\napipsec.dll 2008-08-26 01:23:47 ----N---- C:\WINDOWS\system32\mtxparhd.dll 2008-08-26 01:23:46 ----N---- C:\WINDOWS\system32\msxml6r.dll 2008-08-26 01:23:46 ----N---- C:\WINDOWS\system32\msxml6.dll 2008-08-26 01:23:42 ----N---- C:\WINDOWS\system32\msshavmsg.dll 2008-08-26 01:23:42 ----N---- C:\WINDOWS\system32\mssha.dll 2008-08-26 01:23:19 ----N---- C:\WINDOWS\system32\mmcperf.exe 2008-08-26 01:23:18 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll 2008-08-26 01:23:18 ----N---- C:\WINDOWS\system32\mmcex.dll 2008-08-26 01:23:18 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2008-08-26 01:22:53 ----N---- C:\WINDOWS\system32\l2gpstore.dll 2008-08-26 01:22:40 ----N---- C:\WINDOWS\system32\kmsvc.dll 2008-08-26 01:22:39 ----N---- C:\WINDOWS\system32\kbdpash.dll 2008-08-26 01:22:39 ----N---- C:\WINDOWS\system32\kbdnepr.dll 2008-08-26 01:22:39 ----N---- C:\WINDOWS\system32\kbdiultn.dll 2008-08-26 01:22:38 ----N---- C:\WINDOWS\system32\kbdbhc.dll 2008-08-26 01:21:58 ----N---- C:\WINDOWS\system32\faxpatch.exe 2008-08-26 01:21:58 ----A---- C:\WINDOWS\002819_.tmp 2008-08-26 01:21:55 ----N---- C:\WINDOWS\system32\eapsvc.dll 2008-08-26 01:21:55 ----N---- C:\WINDOWS\system32\eapqec.dll 2008-08-26 01:21:55 ----N---- C:\WINDOWS\system32\eappprxy.dll 2008-08-26 01:21:55 ----N---- C:\WINDOWS\system32\eapphost.dll 2008-08-26 01:21:55 ----N---- C:\WINDOWS\system32\eappgnui.dll 2008-08-26 01:21:55 ----N---- C:\WINDOWS\system32\eappcfg.dll 2008-08-26 01:21:55 ----N---- C:\WINDOWS\system32\eapp3hst.dll 2008-08-26 01:21:54 ----N---- C:\WINDOWS\system32\eapolqec.dll 2008-08-26 01:21:50 ----N---- C:\WINDOWS\system32\dot3ui.dll 2008-08-26 01:21:50 ----N---- C:\WINDOWS\system32\dot3svc.dll 2008-08-26 01:21:49 ----N---- C:\WINDOWS\system32\dot3msm.dll 2008-08-26 01:21:49 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll 2008-08-26 01:21:49 ----N---- C:\WINDOWS\system32\dot3dlg.dll 2008-08-26 01:21:49 ----N---- C:\WINDOWS\system32\dot3cfg.dll 2008-08-26 01:21:49 ----N---- C:\WINDOWS\system32\dot3api.dll 2008-08-26 01:21:46 ----N---- C:\WINDOWS\system32\dimsroam.dll 2008-08-26 01:21:46 ----N---- C:\WINDOWS\system32\dimsntfy.dll 2008-08-26 01:21:45 ----N---- C:\WINDOWS\system32\dhcpqec.dll 2008-08-26 01:21:39 ----N---- C:\WINDOWS\system32\credssp.dll 2008-08-26 01:21:29 ----N---- C:\WINDOWS\system32\bitsprx4.dll 2008-08-26 01:21:28 ----N---- C:\WINDOWS\system32\azroles.dll 2008-08-26 01:21:26 ----N---- C:\WINDOWS\system32\ativvaxx.dll 2008-08-26 01:21:26 ----N---- C:\WINDOWS\system32\ativtmxx.dll 2008-08-26 01:21:24 ----N---- C:\WINDOWS\system32\ati3duag.dll 2008-08-26 01:21:24 ----N---- C:\WINDOWS\system32\ati3d1ag.dll 2008-08-26 01:21:24 ----N---- C:\WINDOWS\system32\ati2dvag.dll 2008-08-26 01:21:23 ----N---- C:\WINDOWS\system32\ati2cqag.dll 2008-08-26 01:20:58 ----N---- C:\WINDOWS\system32\aaclient.dll 2008-08-25 22:05:34 ----HD---- C:\$AVG8.VAULT$ 2008-08-25 21:32:12 ----A---- C:\WINDOWS\system32\avgrsstx.dll 2008-08-25 21:31:45 ----D---- C:\Documents and Settings\Tim.TIM-09CF61204FA\Application Data\AVGTOOLBAR 2008-08-25 21:31:27 ----D---- C:\Program Files\AVG 2008-08-25 21:31:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8 2008-08-23 13:02:33 ----D---- C:\Avenger 2008-08-23 13:02:32 ----A---- C:\avenger.txt 2008-08-23 12:45:57 ----D---- C:\Documents and Settings\Tim.TIM-09CF61204FA\Application Data\Malwarebytes 2008-08-23 12:45:48 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-08-23 11:53:22 ----D---- C:\WINDOWS\ERUNT 2008-08-23 11:52:02 ----D---- C:\SDFix 2008-08-23 11:43:08 ----D---- C:\Program Files\Trend Micro 2008-08-17 19:20:29 ----D---- C:\Program Files\PCPitstop 2008-08-13 17:44:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$ 2008-08-13 17:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$ 2008-08-13 17:22:56 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$ 2008-08-13 17:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$ 2008-08-13 16:32:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$ 2008-08-13 16:22:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$ 2008-08-13 15:39:44 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$ 2008-07-26 11:01:15 ----D---- C:\Program Files\Bonjour 2008-07-26 10:59:25 ----D---- C:\Program Files\QuickTime 2008-07-10 20:42:19 ----D---- C:\Program Files\UltimateBet 2008-07-10 15:39:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$ 2008-06-20 15:09:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$ 2008-06-11 15:02:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$ 2008-06-11 15:02:41 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$ 2008-06-11 15:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$ 2008-06-11 15:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$ List of drivers R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\system32\System32\Drivers\avgldx86.sys [] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\system32\System32\Drivers\avgmfx86.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 OMCI;OMCI; C:\WINDOWS\system32\SYSTEM32\DRIVERS\OMCI.SYS [] R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS [] R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868] R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816] R3 ati2mtaa;ati2mtaa; C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-03 327040] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536] R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032] R3 RTL8023xp;Belkin F5D5000 v2000 Desktop PCI Card all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-01-18 80512] R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2002-08-05 545208] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056] S3 catchme;catchme; \??\C:\DOCUME~1\TIM~1.TIM\LOCALS~1\Temp\catchme.sys [] S3 DM9102;DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver; C:\WINDOWS\system32\DRIVERS\DM9PCI5.SYS [2001-08-17 29696] S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591] S3 fixustor;fixustor; C:\WINDOWS\system32\drivers\fixustor.sys [] S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 moufiltr;Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\moufiltr.sys [2006-10-15 62592] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 RT2500USB;Wireless USB Card Driver; C:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2007-04-09 245376] S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2007-10-31 30464] S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588] List of services R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2000-03-08 278016] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [] -----------------EOF----------------- info.txt logfile of random's system information tool 2008-09-07 15:34:29 Uninstall list -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002} Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log AIM 6-->C:\Program Files\AIM6\uninst.exe Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL Becker CPA Review CD-ROM Course and PassMaster - 2008 Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA6E0BE9-1BE9-4B82-855E-9D6486838F9A}\setup.exe" -l0x9 -removeonly Belkin F5D5000 Desktop PCI Card Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1798227A-AA89-4C78-AF55-56A38E654788}\setup.exe" -l0x9 -removeonly BitComet 0.70-->C:\Program Files\BitComet\uninst.exe Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} Browser Mouse-->C:\Program Files\Browser Mouse\uninst00.exe Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe" GMAT-->"C:\Program Files\Peterson's\GMAT\UninstallerData\Uninstall-GMAT.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E} J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} K-Lite Mega Codec Pack 3.5.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Access 2003-->MsiExec.exe /I{90150409-6000-11D3-8CFE-0150048383C9} Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9 -uninst QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} SanDisk TransferMate-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}\Setup.exe" -l0x9 SealedMedia Unsealer 5.2.7-->MsiExec.exe /I{E240C454-7D66-4785-931B-24E395B09140} Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" UltimateBet-->C:\PROGRA~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ULTIMA~1\INSTALL.LOG Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" Hosts File 127.0.0.1 localhost Security center information AV: AVG Anti-Virus Free AV: Panda Antivirus Platinum 7 (disabled) (outdated) FW: Panda Antivirus Platinum 7 (disabled) Environment variables "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel "PROCESSOR_REVISION"=0204 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip -----------------EOF-----------------
  10. ok, im not sure if this is the right log because i couldn't find that file you had said. C:\ajspu.sys moved successfully. C:\Program Files\Kazaa\My Shared Folder moved successfully. C:\Program Files\Kazaa moved successfully. File/Folder C:\Program Files\Warez not found. File/Folder C:\Documents and Settings\Tim\Local Settings\Temp\a.exe not found. C:\Program Files\Viewpoint\Viewpoint Media Player\NewComponents moved successfully. C:\Program Files\Viewpoint\Viewpoint Media Player\DownloadedComponents moved successfully. C:\Program Files\Viewpoint\Viewpoint Media Player\Components moved successfully. C:\Program Files\Viewpoint\Viewpoint Media Player moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\UserShell moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents\AxMetaStream_Win moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components moved successfully. C:\Program Files\Viewpoint\Viewpoint Experience Technology moved successfully. C:\Program Files\Viewpoint\Common moved successfully. C:\Program Files\Viewpoint moved successfully. < HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{254B87BB-510D-41FA-A887-52C5FA9BE585} > Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{254B87BB-510D-41FA-A887-52C5FA9BE585}\\ not found. < HKEY_CLASSES_ROOT\clsid\{254B87BB-510D-41FA-A887-52C5FA9BE585} > Registry key HKEY_CLASSES_ROOT\clsid\{254B87BB-510D-41FA-A887-52C5FA9BE585}\\ not found. < HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4982D40A-C53B-4615-B15B-B5B5E98D167C} > Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\\ not found. < HKEY_CLASSES_ROOT\clsid\{4982D40A-C53B-4615-B15B-B5B5E98D167C} > Registry key HKEY_CLASSES_ROOT\clsid\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\\ not found. < HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} > Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\\ not found. < HKEY_CLASSES_ROOT\clsid\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} > Registry key HKEY_CLASSES_ROOT\clsid\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\\ not found. < HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{254B87BB-510D-41FA-A887-52C5FA9BE585} > Registry key HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{254B87BB-510D-41FA-A887-52C5FA9BE585}\\ not found. < HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4982D40A-C53B-4615-B15B-B5B5E98D167C} > Registry key HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4982D40A-C53B-4615-B15B-B5B5E98D167C}\\ not found. < HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} > Registry key HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\\ not found. OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09052008_202741 2nd, there were 15 files that had a "normal" status. and lastly, here is the new HJT: Logfile of HijackThis v1.99.1 Scan saved at 8:32:50 PM, on 9/5/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\Program Files\SealedMedia\sealmon.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\DOCUME~1\TIM~1.TIM\LOCALS~1\Temp\Temporary Directory 2 for kztechssuite[1].zip\SREngLdr.EXE C:\DOCUME~1\TIM~1.TIM\LOCALS~1\Temp\Temporary Directory 2 for kztechssuite[1].zip\SREc4057795.EXE C:\DOCUME~1\TIM~1.TIM\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\MOffice.exe O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe O4 - HKLM\..\Run: [uMonit] C:\WINDOWS\system32\umonit.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  11. ok here you go: OTViewIt Extras logfile created on: 9/1/2008 9:20:51 PM - Run 1 OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\Tim.TIM-09CF61204FA\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 254.80 Mb Total Physical Memory | 173.00 Mb Available Physical Memory | 67.90% Memory free 634.85 Mb Paging File | 410.16 Mb Available in Paging File | 64.61% Paging File free Paging file location(s): C:\pagefile.sys 384 768; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.24 Gb Total Space | 6.30 Gb Free Space | 16.91% Space Free | Partition Type: NTFS Drive D: | 211.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader [11/03/2006 03:17 AM | 00,010,800 | ---- | M] (AOL LLC) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon File not found "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed File not found "C:\Program Files\Common Files\AOL\1148950053\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1148950053\EE\AOLServiceHost.exe:*:Enabled:AOL File not found "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL File not found "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL File not found "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL File not found "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL File not found "C:\Program Files\Kazaa\kazaa.exe" = C:\Program Files\Kazaa\kazaa.exe:*:Enabled:Kazaa File not found "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [04/13/2008 02:53 PM | 00,558,080 | ---- | M] (Microsoft Corporation) "C:\Program Files\Warez\Warez.exe" = C:\Program Files\Warez\Warez.exe:*:Enabled:Warez3 File not found "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM [01/03/2008 12:15 PM | 00,050,528 | ---- | M] (AOL LLC) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour [07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe [08/29/2008 08:31 AM | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes [07/30/2008 10:47 AM | 20,252,968 | ---- | M] (Apple Inc.) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [04/13/2008 08:12 PM | 00,141,312 | ---- | M] (Microsoft Corporation) ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .bat [@ = batfile] - "%1" %* .cmd [@ = cmdfile] - "%1" %* .com [@ = comfile] - "%1" %* .exe [@ = exefile] - "%1" %* .pif [@ = piffile] - "%1" %* .scr [@ = scrfile] - "%1" /S ========== Winsock2 Catalogs ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\] NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - [07/24/2007 03:17 PM | 00,147,456 | ---- | M] (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll ========== HKEY_LOCAL_MACHINE Protocol Defaults ========== ========== HKEY_CURRENT_USER Protocol Defaults ========== ========== HKEY_USERS Protocol Defaults ========== ========== HKEY_USERS Protocol Defaults ========== ========== HKEY_USERS Protocol Defaults ========== ========== HKEY_USERS Protocol Defaults ========== ========== HKEY_USERS Protocol Defaults ========== ========== Protocol Handlers ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] ipp: [HKLM - No CLSID value] linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM - XPLPPFilter Class] [08/25/2008 09:31 PM | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll msdaipp: [HKLM - No CLSID value] ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM - Microsoft Infotech Storage Protocol for IE 4.0] File not found Reg Error: Value does not exist or could not be read. ========== Protocol Filters ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime "{1798227A-AA89-4C78-AF55-56A38E654788}" = Belkin F5D5000 Desktop PCI Card Driver "{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour "{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support "{601C6E14-DF1E-4113-A8C8-F9DB90CB0D88}" = SanDisk TransferMate "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox "{90150409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0 "{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari "{CA6E0BE9-1BE9-4B82-855E-9D6486838F9A}" = Becker CPA Review CD-ROM Course and PassMaster - 2008 Edition "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD "{E240C454-7D66-4785-931B-24E395B09140}" = SealedMedia Unsealer 5.2.7 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Shockwave Player" = Adobe Shockwave Player "AIM_6" = AIM 6 "AVG8Uninstall" = AVG Free 8.0 "BitComet" = BitComet 0.70 "Browser Mouse" = Browser Mouse "GMAT" = GMAT "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "KB892130" = Windows Genuine Advantage Validation Tool (KB892130) "KB911564" = Security Update for Windows Media Player (KB911564) "KB911565" = Security Update for Windows Media Player 9 (KB911565) "KB917734_WMP9" = Security Update for Windows Media Player 9 (KB917734) "KB923689" = Security Update for Windows XP (KB923689) "KB925398_WMP64" = Security Update for Windows Media Player 6.4 (KB925398) "KB928090-IE7" = Security Update for Windows Internet Explorer 7 (KB928090) "KB929969" = Security Update for Windows Internet Explorer 7 (KB929969) "KB931768-IE7" = Security Update for Windows Internet Explorer 7 (KB931768) "KB933566-IE7" = Security Update for Windows Internet Explorer 7 (KB933566) "KB936782_WMP9" = Security Update for Windows Media Player 9 (KB936782) "KB937143-IE7" = Security Update for Windows Internet Explorer 7 (KB937143) "KB938127-IE7" = Security Update for Windows Internet Explorer 7 (KB938127) "KB939653-IE7" = Security Update for Windows Internet Explorer 7 (KB939653) "KB941569" = Security Update for Windows XP (KB941569) "KB942615-IE7" = Security Update for Windows Internet Explorer 7 (KB942615) "KB944533-IE7" = Security Update for Windows Internet Explorer 7 (KB944533) "KB946648" = Security Update for Windows XP (KB946648) "KB947864-IE7" = Hotfix for Windows Internet Explorer 7 (KB947864) "KB950759-IE7" = Security Update for Windows Internet Explorer 7 (KB950759) "KB950760" = Security Update for Windows XP (KB950760) "KB950762" = Security Update for Windows XP (KB950762) "KB950974" = Security Update for Windows XP (KB950974) "KB951066" = Security Update for Windows XP (KB951066) "KB951072-v2" = Update for Windows XP (KB951072-v2) "KB951376" = Security Update for Windows XP (KB951376) "KB951376-v2" = Security Update for Windows XP (KB951376-v2) "KB951698" = Security Update for Windows XP (KB951698) "KB951748" = Security Update for Windows XP (KB951748) "KB951978" = Update for Windows XP (KB951978) "KB952287" = Hotfix for Windows XP (KB952287) "KB952954" = Security Update for Windows XP (KB952954) "KB953838-IE7" = Security Update for Windows Internet Explorer 7 (KB953838) "KB953839" = Security Update for Windows XP (KB953839) "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.5.0 "Mozilla Firefox (2.0.0.16)" = Mozilla Firefox (2.0.0.16) "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "UltimateBet" = UltimateBet "ViewpointMediaPlayer" = Viewpoint Media Player "WGA" = Windows Genuine Advantage Validation Tool (KB892130) "WgaNotify" = Windows Genuine Advantage Notifications (KB905474) "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer ========== HKEY_USERS Uninstall List ========== ========== HKEY_USERS Uninstall List ========== ========== HKEY_USERS Uninstall List ========== ========== HKEY_USERS Uninstall List ========== ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 6/12/2007 10:17:31 PM - Computer Name = TIM-09CF61204FA - User Name = User SID not found - Source = Application Hang Description = Hanging application iexplore.exe, version 7.0.6000.16441, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 6/12/2007 10:22:17 PM - Computer Name = TIM-09CF61204FA - User Name = User SID not found - Source = Application Error Description = Faulting application iexplore.exe, version 7.0.6000.16441, faulting module unknown, version 0.0.0.0, fault address 0x60b47930. Error - 6/12/2007 10:22:45 PM - Computer Name = TIM-09CF61204FA - User Name = User SID not found - Source = Application Hang Description = Hanging application iexplore.exe, version 7.0.6000.16441, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 6/12/2007 10:36:35 PM - Computer Name = TIM-09CF61204FA - User Name = User SID not found - Source = Application Error Description = Faulting application iexplore.exe, version 7.0.6000.16441, faulting module unknown, version 0.0.0.0, fault address 0x60b47930. Error - 6/12/2007 10:36:58 PM - Computer Name = TIM-09CF61204FA - User Name = User SID not found - Source = Application Hang Description = Hanging application iexplore.exe, version 7.0.6000.16441, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 6/14/2007 5:07:43 PM - Computer Name = TIM-09CF61204FA - User Name = User SID not found - Source = Application Hang Description = Hanging application sealmon.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 6/30/2007 9:13:05 PM - Computer Name = TIM-09CF61204FA - User Name = User SID not found - Source = Application Hang Description = Hanging application iTunes.exe, version 7.2.0.34, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/3/2007 7:47:58 PM - Computer Name = TIM-09CF61204FA - User Name = User SID not found - Source = Application Hang Description = Hanging application iTunes.exe, version 7.3.0.54, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error - 7/6/2007 6:39:23 AM - Computer Name = TIM-09CF61204FA - User Name = User SID not found - Source = Application Error Description = Faulting application iexplore.exe, version 7.0.6000.16473, faulting module quicktime.qts, version 7.1.6.200, fault address 0x00069bd7. Error - 7/8/2007 7:22:51 AM - Computer Name = TIM-09CF61204FA - User Name = User SID not found - Source = crypt32 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. [ Internet Explorer Events ] [ Security Events ] [ System Events ] Error - 8/26/2008 1:25:55 AM - Computer Name = TIM - User Name = User SID not found - Source = Service Control Manager Description = The Application Management service terminated with the following error: %%126 Error - 8/26/2008 1:25:56 AM - Computer Name = TIM - User Name = User SID not found - Source = Service Control Manager Description = The Application Management service terminated with the following error: %%126 Error - 8/26/2008 1:25:56 AM - Computer Name = TIM - User Name = User SID not found - Source = Service Control Manager Description = The Application Management service terminated with the following error: %%126 Error - 8/26/2008 1:25:56 AM - Computer Name = TIM - User Name = User SID not found - Source = Service Control Manager Description = The Application Management service terminated with the following error: %%126 Error - 8/26/2008 1:25:56 AM - Computer Name = TIM - User Name = User SID not found - Source = Service Control Manager Description = The Application Management service terminated with the following error: %%126 Error - 8/26/2008 1:25:56 AM - Computer Name = TIM - User Name = User SID not found - Source = Service Control Manager Description = The Application Management service terminated with the following error: %%126 Error - 8/26/2008 1:25:56 AM - Computer Name = TIM - User Name = User SID not found - Source = Service Control Manager Description = The Application Management service terminated with the following error: %%126 Error - 8/26/2008 1:25:56 AM - Computer Name = TIM - User Name = User SID not found - Source = Service Control Manager Description = The Application Management service terminated with the following error: %%126 Error - 8/26/2008 1:25:56 AM - Computer Name = TIM - User Name = User SID not found - Source = Service Control Manager Description = The Application Management service terminated with the following error: %%126 Error - 8/26/2008 1:25:56 AM - Computer Name = TIM - User Name = User SID not found - Source = Service Control Manager Description = The Application Management service terminated with the following error: %%126 < End of report > OTView.txt OTViewIt logfile created on: 9/1/2008 9:20:50 PM - Run 1 OTViewIt by OldTimer - Version 1.0.1.7 Folder = C:\Documents and Settings\Tim.TIM-09CF61204FA\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 254.80 Mb Total Physical Memory | 173.00 Mb Available Physical Memory | 67.90% Memory free 634.85 Mb Paging File | 410.16 Mb Available in Paging File | 64.61% Paging File free Paging file location(s): C:\pagefile.sys 384 768; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 37.24 Gb Total Space | 6.30 Gb Free Space | 16.91% Space Free | Partition Type: NTFS Drive D: | 211.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TIM Current User Name: Tim Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: On ===== Processes - Non-Microsoft Only ===== [08/30/2008 09:08 AM | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe [08/25/2008 09:31 PM | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgrsx.exe [01/19/2006 11:06 AM | 00,102,400 | ---- | M] (Musicmatch, Inc.) - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe [01/19/2006 11:06 AM | 00,416,768 | ---- | M] (Musicmatch, Inc.) - C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe [12/19/2006 03:27 PM | 00,291,984 | ---- | M] () - C:\Program Files\SealedMedia\sealmon.exe [08/30/2008 09:08 AM | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgtray.exe ===== Win32 Services - Non-Microsoft Only ===== (avg8wd) AVG Free8 WatchDog [Auto | Running] [08/30/2008 09:08 AM | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\Program Files\AVG\AVG8\avgwdsvc.exe (Viewpoint Manager Service) Viewpoint Manager Service [Disabled | Stopped] [01/04/2007 05:38 PM | 00,024,652 | ---- | M] (Viewpoint Corporation) - C:\Program Files\Viewpoint\Common\ViewpointService.exe ===== Driver Services - Non-Microsoft Only ===== (AvgLdx86) AVG Free AVI Loader Driver x86 [system | Running] [08/30/2008 09:08 AM | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys (AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [system | Running] [08/25/2008 09:32 PM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys (catchme) catchme [On_Demand | Stopped] File not found - C:\DOCUME~1\TIM~1.TIM\LOCALS~1\Temp\catchme.sys (CdaD10BA) CdaD10BA [Auto | Running] [12/05/2006 11:07 PM | 00,012,464 | ---- | M] (Macrovision Europe Ltd) - C:\WINDOWS\SYSTEM32\DRIVERS\CdaD10BA.SYS (DM9102) DAVICOM 9102(A) PCI Fast Ethernet Based NT Driver [On_Demand | Stopped] [08/17/2001 08:11 AM | 00,029,696 | ---- | M] (CNet Technology, Inc. ) - C:\WINDOWS\SYSTEM32\DRIVERS\DM9PCI5.SYS (fixustor) fixustor [On_Demand | Stopped] File not found - C:\WINDOWS\System32\drivers\fixustor.sys (moufiltr) Mouse Filter Driver [On_Demand | Stopped] [10/15/2006 10:34 PM | 00,062,592 | ---- | M] (Chic Tech.) - C:\WINDOWS\SYSTEM32\DRIVERS\moufiltr.sys (RT2500USB) Wireless USB Card Driver [On_Demand | Stopped] [04/09/2007 07:31 AM | 00,245,376 | R--- | M] (Ralink Technology Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys (RTL8023xp) Belkin F5D5000 v2000 Desktop PCI Card all in one NDIS NT Driver [On_Demand | Running] [01/18/2006 02:41 PM | 00,080,512 | R--- | M] (Realtek Semiconductor Corporation ) - C:\WINDOWS\SYSTEM32\DRIVERS\Rtnicxp.sys (USBAAPL) Apple Mobile USB Driver [On_Demand | Stopped] [10/31/2007 03:09 PM | 00,030,464 | ---- | M] (Apple, Inc.) - C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys ========== Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Photo Downloader" = "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" File not found "AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) "AVG8_TRAY" = C:\PROGRA~1\AVG\AVG8\avgtray.exe [08/30/2008 09:08 AM | 01,235,736 | ---- | M] (AVG Technologies CZ, s.r.o.) "FLMOFFICE4DMOUSE" = C:\Program Files\Browser Mouse\MOffice.exe [10/15/2006 10:34 PM | 00,958,464 | ---- | M] () "iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [07/30/2008 10:47 AM | 00,289,064 | ---- | M] (Apple Inc.) "MimBoot" = C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe [01/19/2006 11:06 AM | 00,011,776 | ---- | M] (Musicmatch, Inc.) "QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [05/27/2008 10:50 AM | 00,413,696 | ---- | M] (Apple Inc.) "sealmon" = C:\Program Files\SealedMedia\sealmon.exe [12/19/2006 03:27 PM | 00,291,984 | ---- | M] () "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) "UMonit" = C:\WINDOWS\system32\umonit.exe File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = Reg Error: Value load does not exist or could not be read. "run" = Reg Error: Value run does not exist or could not be read. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6" = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp [01/03/2008 12:15 PM | 00,050,528 | ---- | M] (AOL LLC) "Warez" = "C:\Program Files\Warez\Warez.exe" /minimized File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. [HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Aim6" = "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp [01/03/2008 12:15 PM | 00,050,528 | ---- | M] (AOL LLC) "Warez" = "C:\Program Files\Warez\Warez.exe" /minimized File not found [HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "load" = "run" = Reg Error: Value run does not exist or could not be read. ========== Startup Folders ========== [Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup] [All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup] [04/23/2008 03:38 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [All Users.WINDOWS Startup Folder - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup] [04/23/2008 03:38 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [01/05/2006 10:57 AM | 00,114,688 | ---- | M] (SanDisk) - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe [Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup] [Default User.WINDOWS Startup Folder - C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup] [Owner Startup Folder - C:\Documents and Settings\Owner\Start Menu\Programs\Startup] [Tim Startup Folder - C:\Documents and Settings\Tim\Start Menu\Programs\Startup] [Tim.TIM-09CF61204FA Startup Folder - C:\Documents and Settings\Tim.TIM-09CF61204FA\Start Menu\Programs\Startup] ========== BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] HKLM CLSID: (AVG Safe Search) - [08/30/2008 09:08 AM | 00,455,960 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgssie.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] HKLM CLSID: (SSVHelper Class) - [02/22/2008 04:25 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] HKLM CLSID: (AVG Security Toolbar) - [08/25/2008 09:31 PM | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) C:\Program Files\AVG\AVG8\avgtoolbar.dll ========== Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{A057A204-BACC-4D26-9990-79A187E2698E}" HKLM CLSID: (AVG Security Toolbar) - [08/25/2008 09:31 PM | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) C:\Program Files\AVG\AVG8\avgtoolbar.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{254B87BB-510D-41FA-A887-52C5FA9BE585}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. "{4982D40A-C53B-4615-B15B-B5B5E98D167C}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. "{A057A204-BACC-4D26-9990-79A187E2698E}" HKLM CLSID: (AVG Security Toolbar) - [08/25/2008 09:31 PM | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) C:\Program Files\AVG\AVG8\avgtoolbar.dll "{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. [HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{254B87BB-510D-41FA-A887-52C5FA9BE585}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. "{4982D40A-C53B-4615-B15B-B5B5E98D167C}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. "{A057A204-BACC-4D26-9990-79A187E2698E}" HKLM CLSID: (AVG Security Toolbar) - [08/25/2008 09:31 PM | 02,055,960 | ---- | M] (AVG, Technologies CZ, s.r.o ) C:\Program Files\AVG\AVG8\avgtoolbar.dll "{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}" HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened. ========== AppInit_Dlls ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls] "avgrsstx.dll" - [08/25/2008 09:32 PM | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SYSTEM32\avgrsstx.dll ========== HKLM Security Providers ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders] "msapsspc.dll schannel.dll digest.dll msnsspc.dll" - File not found ========== HKLM Winlogon Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell] "Explorer.exe" - [04/13/2008 08:12 PM | 01,033,728 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit] "C:\WINDOWS\system32\userinit.exe" - [04/13/2008 08:12 PM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SYSTEM32\userinit.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost] "logonui.exe" - [04/13/2008 08:12 PM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SYSTEM32\logonui.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet] "rundll32 shell32" - [04/13/2008 08:12 PM | 08,461,312 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SYSTEM32\shell32.dll "Control_RunDLL "sysdm.cpl"" - [04/13/2008 08:12 PM | 00,300,544 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SYSTEM32\sysdm.cpl ========== User's Winlogon Settings ========== ========== Winlogon Notify Settings ========== ========== Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoCDBurning" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername" = 0 "legalnoticecaption" = "legalnoticetext" = "shutdownwithoutlogon" = 1 "undockwithoutlogon" = 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] Unable to open key or key not present! [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] Unable to open key or key not present! [HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun" = 145 [HKEY_USERS\S-1-5-21-1614895754-1580818891-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] ========== Lsa Authentication Packages ========== ========== Lsa Security Packages ========== ========== Desktop Components ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "FriendlyName" = "My Current Home Page" "Source" = "About:Home" "SubscribedURL" = "About:Home" ========== Safeboot Options ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] "AlternateShell" = cmd.exe ========== Disabled MsConfig Items ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state] "system.ini" = 0 "win.ini" = 0 "bootini" = 0 "services" = 0 "startup" = 0 ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [05/01/2006 02:29 PM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ] Autorun.inf [[autorun] | icon = SetupWIZ.ico | open = SetupWizard.exe | ] [11/17/2003 10:16 PM | 00,000,056 | R--- | M] () D:\Autorun.inf [ CDFS ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e3659c2-0634-11dc-a9cd-00010296faae}\Shell] "" = None [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5de7d663-fd86-11da-a891-00010296faae}\Shell] "" = None [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6eea8aa6-6c86-11db-a91e-00010296faae}\Shell] "" = None [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{907ec4a4-21c5-11db-a8c3-00010296faae}\Shell] "" = None [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{971ddd6f-e204-11db-a99c-00010296faae}\Shell] "" = None [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd716fb2-71fc-11dd-ab34-00173fcddafa}\Shell] "" = None [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd716fb3-71fc-11dd-ab34-00173fcddafa}\Shell] "" = Open [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell] "" = AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell] "" = Open ========== DNS Name Servers ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{6DD1ED9C-9914-4D2C-8737-B2D115F984AD}] Servers: | Description: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9CE50941-C41B-447C-ACE9-A61B2E47593D}] Servers: | Description: CNet PRO200WL PCI Fast Ethernet Adapter [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{AC6AF7E3-AC55-4DA4-B73D-AACCF697F922}] Servers: | Description: Belkin F5D5000 v2000 Desktop PCI Card [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{F12B202C-E5AC-4E68-BF7E-6FC8341B93FC}] Servers: | Description: Wireless USB Card ========== Hosts File ========== HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 127.0.0.1 localhost ========== Files/Folders - Created Within 90 days ========== [08/23/2008 01:02 PM | ---D | C] - C:\Avenger [08/23/2008 11:52 AM | ---D | C] - C:\SDFix [08/23/2008 12:08 PM | 26,724,3520 | -HS- | C] () - C:\hiberfil.sys [08/25/2008 10:05 PM | -H-D | C] - C:\$AVG8.VAULT$ [08/26/2008 01:21 AM | 00,000,717 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapp.gif [08/26/2008 01:21 AM | 00,000,760 | ---- | C] () - C:\WINDOWS\System32\dllcache\cloapph.gif [08/26/2008 01:21 AM | 00,000,772 | ---- | C] () - C:\WINDOWS\System32\dllcache\cntd.gif [08/26/2008 01:21 AM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnt.gif [08/26/2008 01:21 AM | 00,000,773 | ---- | C] () - C:\WINDOWS\System32\dllcache\cnth.gif [08/26/2008 01:21 AM | 00,000,999 | ---- | C] () - C:\WINDOWS\System32\dllcache\bktrh.gif [08/26/2008 01:21 AM | 00,005,971 | ---- | C] () - C:\WINDOWS\System32\dllcache\events.js [08/26/2008 01:21 AM | 00,006,878 | ---- | C] () - C:\WINDOWS\System32\dllcache\controls.js [08/26/2008 01:21 AM | 00,008,298 | ---- | C] () - C:\WINDOWS\System32\dllcache\contents.htm [08/26/2008 01:21 AM | 00,009,585 | ---- | C] () - C:\WINDOWS\System32\dllcache\controls.css [08/26/2008 01:21 AM | 00,184,959 | ---- | C] () - C:\WINDOWS\System32\dllcache\compact.wmz [08/26/2008 01:21 AM | 00,381,425 | ---- | C] () - C:\WINDOWS\System32\dllcache\copycd.wmv [08/26/2008 01:22 AM | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) - C:\WINDOWS\System32\dllcache\l3codeca.acm [08/26/2008 01:23 AM | 00,000,403 | ---- | C] () - C:\WINDOWS\System32\dllcache\npdrmv2.zip [08/26/2008 01:23 AM | 00,001,885 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.cnt [08/26/2008 01:23 AM | 00,002,545 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogo.gif [08/26/2008 01:23 AM | 00,002,778 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplogoh.gif [08/26/2008 01:23 AM | 00,018,286 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.inf [08/26/2008 01:23 AM | 00,022,060 | ---- | C] () - C:\WINDOWS\System32\dllcache\npds.zip [08/26/2008 01:23 AM | 00,097,117 | ---- | C] () - C:\WINDOWS\System32\dllcache\mplayer2.hlp [08/26/2008 01:23 AM | 00,375,519 | ---- | C] () - C:\WINDOWS\System32\dllcache\nuskin.wmv [08/26/2008 01:23 AM | 00,457,607 | ---- | C] () - C:\WINDOWS\System32\dllcache\mdlib.wmv [08/26/2008 01:24 AM | 00,000,733 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst15.wpl [08/26/2008 01:24 AM | 00,000,775 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst14.wpl [08/26/2008 01:24 AM | 00,000,783 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst13.wpl [08/26/2008 01:24 AM | 00,000,784 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst9.wpl [08/26/2008 01:24 AM | 00,000,787 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst10.wpl [08/26/2008 01:24 AM | 00,000,789 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst11.wpl [08/26/2008 01:24 AM | 00,000,908 | ---- | C] () - C:\WINDOWS\System32\dllcache\skins.inf [08/26/2008 01:24 AM | 00,001,036 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst8.wpl [08/26/2008 01:24 AM | 00,001,046 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst7.wpl [08/26/2008 01:24 AM | 00,001,049 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst2.wpl [08/26/2008 01:24 AM | 00,001,148 | ---- | C] () - C:\WINDOWS\System32\dllcache\snd.htm [08/26/2008 01:24 AM | 00,001,250 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst1.wpl [08/26/2008 01:24 AM | 00,001,367 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoffh.gif [08/26/2008 01:24 AM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taoff.gif [08/26/2008 01:24 AM | 00,001,380 | ---- | C] () - C:\WINDOWS\System32\dllcache\taonh.gif [08/26/2008 01:24 AM | 00,001,398 | ---- | C] () - C:\WINDOWS\System32\dllcache\taon.gif [08/26/2008 01:24 AM | 00,001,448 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst4.wpl [08/26/2008 01:24 AM | 00,001,451 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst12.wpl [08/26/2008 01:24 AM | 00,001,474 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst3.wpl [08/26/2008 01:24 AM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst5.wpl [08/26/2008 01:24 AM | 00,001,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\plylst6.wpl [08/26/2008 01:24 AM | 00,002,371 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpauseh.gif [08/26/2008 01:24 AM | 00,002,375 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplayh.gif [08/26/2008 01:24 AM | 00,002,450 | ---- | C] () - C:\WINDOWS\System32\dllcache\tpause.gif [08/26/2008 01:24 AM | 00,002,469 | ---- | C] () - C:\WINDOWS\System32\dllcache\tplay.gif [08/26/2008 01:24 AM | 00,003,187 | ---- | C] () - C:\WINDOWS\System32\dllcache\tour.js [08/26/2008 01:24 AM | 00,023,829 | ---- | C] () - C:\WINDOWS\System32\dllcache\tourbg.gif [08/26/2008 01:24 AM | 00,066,725 | ---- | C] () - C:\WINDOWS\System32\dllcache\revert.wmz [08/26/2008 01:24 AM | 00,077,307 | ---- | C] () - C:\WINDOWS\System32\dllcache\plyr_err.chm [08/26/2008 01:24 AM | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) - C:\WINDOWS\System32\dllcache\sl_anet.acm [08/26/2008 01:24 AM | 00,572,557 | ---- | C] () - C:\WINDOWS\System32\dllcache\rtuner.wmv [08/26/2008 01:25 AM | 00,000,420 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmploc.js [08/26/2008 01:25 AM | 00,000,855 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpocm.inf [08/26/2008 01:25 AM | 00,001,771 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmptour.css [08/26/2008 01:25 AM | 00,002,477 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm5.gif [08/26/2008 01:25 AM | 00,004,193 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm8.gif [08/26/2008 01:25 AM | 00,005,290 | ---- | C] () - C:\WINDOWS\System32\dllcache\vidsamp.gif [08/26/2008 01:25 AM | 00,005,789 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm1.gif [08/26/2008 01:25 AM | 00,006,060 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm6.gif [08/26/2008 01:25 AM | 00,006,241 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm3.gif [08/26/2008 01:25 AM | 00,006,769 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmfsdk.inf [08/26/2008 01:25 AM | 00,007,369 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm4.gif [08/26/2008 01:25 AM | 00,007,636 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm2.gif [08/26/2008 01:25 AM | 00,007,892 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm9.gif [08/26/2008 01:25 AM | 00,008,677 | ---- | C] () - C:\WINDOWS\System32\dllcache\wm7.gif [08/26/2008 01:25 AM | 00,010,457 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmptour.hta [08/26/2008 01:25 AM | 00,017,272 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmdm.inf [08/26/2008 01:25 AM | 00,017,489 | ---- | C] () - C:\WINDOWS\System32\dllcache\videobg.gif [08/26/2008 01:25 AM | 00,023,195 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplay.chm [08/26/2008 01:25 AM | 00,029,070 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmp.inf [08/26/2008 01:25 AM | 00,067,374 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplayer.adm [08/26/2008 01:25 AM | 00,086,180 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud2.wav [08/26/2008 01:25 AM | 00,086,180 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud4.wav [08/26/2008 01:25 AM | 00,086,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud5.wav [08/26/2008 01:25 AM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud3.wav [08/26/2008 01:25 AM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud8.wav [08/26/2008 01:25 AM | 00,172,196 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud9.wav [08/26/2008 01:25 AM | 00,300,969 | ---- | C] () - C:\WINDOWS\System32\dllcache\viz.wmv [08/26/2008 01:25 AM | 00,343,204 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud6.wav [08/26/2008 01:25 AM | 00,343,204 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud7.wav [08/26/2008 01:25 AM | 00,354,468 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmpaud1.wav [08/26/2008 01:25 AM | 00,613,334 | ---- | C] () - C:\WINDOWS\System32\dllcache\wmplayer.chm [08/25/2008 09:31 PM | 00,080,727 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\microavi.avg [08/25/2008 09:31 PM | 00,211,986 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\miniavi.avg [08/25/2008 09:31 PM | 06,061,540 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\avi7.avg [08/25/2008 09:31 PM | 26,785,826 | ---- | C] () - C:\WINDOWS\System32\drivers\Avg\incavi.avm [08/25/2008 09:31 PM | ---D | C] - C:\WINDOWS\System32\drivers\Avg [08/25/2008 09:32 PM | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgmfx86.sys [08/25/2008 09:32 PM | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgldx86.sys [08/26/2008 01:21 AM | 00,064,352 | ---- | C] () - C:\WINDOWS\System32\drivers\ativmc20.cod [08/26/2008 01:23 AM | 00,067,866 | ---- | C] () - C:\WINDOWS\System32\drivers\netwlan5.img [1 C:\WINDOWS\System32\*.tmp files] [06/07/2008 03:07 PM | ---D | C] - C:\WINDOWS\System32\LogFiles [08/25/2008 09:32 PM | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\avgrsstx.dll [08/26/2008 01:22 AM | 00,001,261 | ---- | C] () - C:\WINDOWS\System32\pid.inf [08/29/2008 06:12 PM | ---D | C] - C:\WINDOWS\System32\ReinstallBackups [08/29/2008 06:33 PM | ---D | C] - C:\WINDOWS\System32\en [08/29/2008 06:33 PM | ---D | C] - C:\WINDOWS\System32\scripting [6 C:\WINDOWS\*.tmp files] [08/23/2008 11:53 AM | ---D | C] - C:\WINDOWS\ERUNT [08/29/2008 06:03 PM | ---D | C] - C:\WINDOWS\EHome [08/29/2008 06:03 PM | -H-D | C] - C:\WINDOWS\$NtServicePackUninstall$ [08/29/2008 06:26 PM | ---D | C] - C:\WINDOWS\ServicePackFiles [08/29/2008 06:33 PM | ---D | C] - C:\WINDOWS\l2schemas [08/29/2008 06:44 PM | ---D | C] - C:\WINDOWS\LastGood.Tmp [08/30/2008 03:15 PM | ---D | C] - C:\WINDOWS\Prefetch [08/29/2008 06:00 PM | 00,000,284 | ---- | C] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job [08/23/2008 12:45 PM | ---D | C] - C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes [08/25/2008 09:31 PM | ---D | C] - C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8 [08/23/2008 12:45 PM | ---D | C] - C:\Documents and Settings\Tim.TIM-09CF61204FA\Application Data\Malwarebytes [08/25/2008 09:31 PM | ---D | C] - C:\Documents and Settings\Tim.TIM-09CF61204FA\Application Data\AVGTOOLBAR [08/17/2008 02:08 PM | ---D | C] - C:\Documents and Settings\Tim.TIM-09CF61204FA\Local Settings\Application Data\CyberDefender [07/07/2008 06:26 PM | 00,041,912 | ---- | C] () - C:\Documents and Settings\Tim.TIM-09CF61204FA\My Documents\Resume.pdf [07/07/2008 06:43 PM | 00,054,784 | ---- | C] () - C:\Documents and Settings\Tim.TIM-09CF61204FA\My Documents\RESUME-1.doc [08/05/2008 12:08 PM | 00,013,824 | ---- | C] () - C:\Documents and Settings\Tim.TIM-09CF61204FA\My Documents\Totals.xls [07/10/2008 08:42 PM | 00,001,532 | ---- | C] () - C:\Documents and Settings\All Users.WINDOWS\Desktop\UltimateBet.lnk [07/26/2008 11:00 AM | 00,001,604 | ---- | C] () - C:\Documents and Settings\All Users.WINDOWS\Desktop\QuickTime Player.lnk [08/25/2008 09:32 PM | 00,001,507 | ---- | C] () - C:\Documents and Settings\All Users.WINDOWS\Desktop\AVG Free 8.0.lnk [07/10/2008 08:41 PM | 09,109,736 | ---- | C] () - C:\Documents and Settings\Tim.TIM-09CF61204FA\Desktop\ubsetup.exe [08/17/2008 07:18 PM | 00,903,280 | ---- | C] (PC Pitstop LLC ) - C:\Documents and Settings\Tim.TIM-09CF61204FA\Desktop\exterm-setup-0004.exe [08/23/2008 11:48 AM | 01,463,521 | ---- | C] () - C:\Documents and Settings\Tim.TIM-09CF61204FA\Desktop\SDFix.exe [08/23/2008 11:52 AM | ---D | C] - C:\Documents and Settings\Tim.TIM-09CF61204FA\Desktop\SDFix [08/29/2008 05:46 PM | ---D | C] - C:\Program Files\Common Files\Apple [07/10/2008 08:42 PM | ---D | C] - C:\Program Files\UltimateBet [07/26/2008 10:59 AM | ---D | C] - C:\Program Files\QuickTime [07/26/2008 11:01 AM | ---D | C] - C:\Program Files\Bonjour [08/17/2008 07:20 PM | ---D | C] - C:\Program Files\PCPitstop [08/23/2008 11:43 AM | ---D | C] - C:\Program Files\Trend Micro [08/25/2008 09:31 PM | ---D | C] - C:\Program Files\AVG [08/29/2008 05:42 PM | ---D | C] - C:\Program Files\Safari [08/29/2008 05:56 PM | ---D | C] - C:\Program Files\iPod [08/29/2008 05:56 PM | ---D | C] - C:\Program Files\iTunes ========== Files - Modified Within 90 days ========== [08/29/2008 06:15 PM | 00,250,048 | RHS- | M] () - C:\ntldr [08/30/2008 03:15 PM | 26,724,3520 | -HS- | M] () - C:\hiberfil.sys [08/25/2008 09:31 PM | 06,061,540 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\avi7.avg [08/25/2008 09:33 PM | 00,211,986 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\miniavi.avg [08/30/2008 03:18 PM | 00,080,727 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\microavi.avg [09/01/2008 08:37 AM | 26,785,826 | ---- | M] () - C:\WINDOWS\System32\drivers\Avg\incavi.avm [08/23/2008 12:00 PM | 00,000,686 | ---- | M] () - C:\WINDOWS\System32\drivers\ETC\HOSTS [08/25/2008 09:32 PM | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgmfx86.sys [08/30/2008 09:08 AM | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\drivers\avgldx86.sys [1 C:\WINDOWS\System32\*.tmp files] [08/25/2008 09:32 PM | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) - C:\WINDOWS\System32\avgrsstx.dll [08/30/2008 03:15 PM | 00,126,112 | ---- | M] () - C:\WINDOWS\System32\FNTCACHE.DAT [08/30/2008 03:17 PM | 00,002,422 | ---- | M] () - C:\WINDOWS\System32\wpa.dbl [08/30/2008 03:19 PM | 00,041,040 | ---- | M] () - C:\WINDOWS\System32\perfc009.dat [08/30/2008 03:19 PM | 00,314,838 | ---- | M] () - C:\WINDOWS\System32\perfh009.dat [08/30/2008 03:19 PM | 00,360,124 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI [6 C:\WINDOWS\*.tmp files] [07/24/2008 07:23 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn [08/23/2008 08:14 PM | 00,000,690 | ---- | M] () - C:\WINDOWS\win.ini [08/29/2008 07:04 PM | 00,002,675 | ---- | M] () - C:\WINDOWS\imsins.BAK [08/30/2008 03:15 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
  12. Ok thanks, i got a lot of it done, but for some reason the link on the last step was bad and it kept saying page cannot be found. so here are the logs from the other 2 things i ran: SDFix: Version 1.218 Run by Tim on Sat 08/23/2008 at 12:00 PM Microsoft Windows XP [Version 5.1.2600] Running From: C:\Documents and Settings\Tim.TIM-09CF61204FA\Desktop\SDFix Checking Services : Restoring Default Security Values Restoring Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\Documents and Settings\Tim\Application Data\Install.dat - Deleted C:\PROGRA~1\APPLIC~1\WCM.EXE - Deleted C:\Documents and Settings\All Users.WINDOWS\Start Menu\Antivirus Scan.url - Deleted C:\Documents and Settings\All Users.WINDOWS\Start Menu\Online Spyware Test.url - Deleted C:\Documents and Settings\Tim.TIM-09CF61204FA\Favorites\Antivirus Scan.url - Deleted C:\Documents and Settings\Tim.TIM-09CF61204FA\My Documents\My Documents.url - Deleted C:\Documents and Settings\Tim.TIM-09CF61204FA\My Documents\My Music\My Music.url - Deleted C:\Documents and Settings\Tim.TIM-09CF61204FA\My Documents\My Pictures\My Pictures.url - Deleted C:\Documents and Settings\Tim.TIM-09CF61204FA\My Documents\My Videos\My Video.url - Deleted C:\Program Files\Applications\iebr.dll - Deleted C:\Program Files\Applications\iebtm.exe - Deleted C:\Program Files\Applications\iebtmm.exe - Deleted C:\Program Files\Applications\iebtu.exe - Deleted C:\Program Files\Applications\iebu.exe - Deleted C:\Program Files\Applications\myd.ico - Deleted C:\Program Files\Applications\mym.ico - Deleted C:\Program Files\Applications\myp.ico - Deleted C:\Program Files\Applications\myv.ico - Deleted C:\Program Files\Applications\ot.ico - Deleted C:\Program Files\Applications\ts.ico - Deleted C:\Program Files\Applications\wcm.exe - Deleted C:\Program Files\Applications\wcs.exe - Deleted C:\Program Files\Applications\wcu.exe - Deleted C:\Program Files\ASpyC\SpyWarning.dll - Deleted C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll - Deleted C:\WINDOWS\hosts - Deleted C:\WINDOWS\system32\857060\857060.dll - Deleted C:\WINDOWS\system32\ubpr01.exe - Deleted Folder C:\Program Files\Applications - Removed Folder C:\Program Files\ASpyC - Removed Folder C:\WINDOWS\system32\857060 - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 12:26:36 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Application Loader" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon" "C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed" "C:\\Program Files\\Common Files\\AOL\\1148950053\\EE\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1148950053\\EE\\AOLServiceHost.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL" "C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL" "C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Warez\\Warez.exe"="C:\\Program Files\\Warez\\Warez.exe:*:Enabled:Warez3" "C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM" "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas280.exe"="C:\\Program Files\\CyberDefender\\AntiSpyware\\cdas280.exe:*:Enabled:CyberDefender Internet Security" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" Remaining Files : File Backups: - C:\DOCUME~1\TIM~1.TIM\Desktop\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 28 Apr 2005 4 A..H. --- "C:\ajspu.sys" Fri 12 Mar 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Fri 12 Mar 2004 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv19.bak" Tue 16 May 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak" Sun 30 Apr 2006 0 A.SH. --- "C:\Documents and Settings\Tim\Local Settings\Temp\$b17a2e8.tmp" Wed 25 Jan 2006 1,900 A..H. --- "C:\Documents and Settings\Tim\Local Settings\Temp\a.exe" Thu 27 Nov 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg" Thu 27 Nov 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg" Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\BIT6.tmp" Thu 15 Dec 2005 141,824 A..H. --- "C:\Documents and Settings\Tim\Application Data\Microsoft\Templates\~WRL3219.tmp" Thu 9 Sep 2004 262,144 A..H. --- "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.BAK" Thu 9 Sep 2004 262,144 A..H. --- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.BAK" Thu 9 Sep 2004 262,144 A..H. --- "C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Windows\UsrClass.BAK" Finished! --and-- Malwarebytes' Anti-Malware 1.25 Database version: 1078 Windows 5.1.2600 Service Pack 2 1:00:14 PM 8/23/2008 mbam-log-08-23-2008 (13-00-14).txt Scan type: Quick Scan Objects scanned: 52100 Time elapsed: 11 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 1 Registry Keys Infected: 12 Registry Values Infected: 8 Registry Data Items Infected: 4 Folders Infected: 3 Files Infected: 12 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: C:\WINDOWS\SYSTEM32\ouhzw.dll (Trojan.Zlob) -> Delete on reboot. Registry Keys Infected: HKEY_CLASSES_ROOT\CLSID\{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} (Trojan.Zlob.H) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{cd24eb02-9831-4838-99d0-726d411b1328} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f20da564-9254-49fe-a678-cc3cef172252} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\cdmyidd.securitytoolbar.1 (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\x123.x123mgr (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\x123.x123mgr.1 (Adware.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ASpyC (Rogue.AntiSpyCheck) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{97d2dfac-9acb-4d6f-ac2b-ab6ee090f649} (Trojan.Zlob.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot. Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully. Folders Infected: C:\Program Files\RXToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully. C:\WINDOWS\inet20001 (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Start Menu\Programs\BraveSentry (Rogue.Brave.Sentry) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\SYSTEM32\ouhzw.dll (Trojan.Zlob.H) -> Delete on reboot. C:\Documents and Settings\Tim.TIM-09CF61204FA\Local Settings\Application Data\CyberDefender\cdmyidd.dll (Trojan.BHO) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Local Settings\Temp\1.dlb (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Local Settings\Temp\vx2.game (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Local Settings\Temp\vxt4.game (Trojan.Downloader) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Start Menu\Programs\BraveSentry\BraveSentry.lnk (Rogue.Brave.Sentry) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Start Menu\Programs\BraveSentry\Uninstall.lnk (Rogue.Brave.Sentry) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Application Data\tvmknwrd.dll (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Local Settings\Temp\vx1.game (Heuristics.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Local Settings\Temp\vx3.game (Heuristics.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Local Settings\Temp\vx4.game (Heuristics.Malware) -> Quarantined and deleted successfully. C:\Documents and Settings\Tim\Local Settings\Temp\vx6.game (Heuristics.Malware) -> Quarantined and deleted successfully. thanks again!
  13. I have run a couple of spyware searches and have deleted over 200 corrupted files, but my comp is still having some problems. here is my HJT log, thanks Logfile of HijackThis v1.99.1 Scan saved at 7:06:04 PM, on 8/17/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\SealedMedia\sealmon.exe C:\WINDOWS\system32\umonit.exe C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\ubpr01.exe C:\Program Files\CyberDefender\AntiSpyware\cdas280.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\TIM~1.TIM\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) R3 - URLSearchHook: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Tim.TIM-09CF61204FA\Local Settings\Application Data\CyberDefender\cdmyidd.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: (no name) - {300CF5C9-F02D-4CB8-ABED-9C229DA56825} - C:\Program Files\Applications\iebt.dll O2 - BHO: 857060 helper - {6CCBAFC1-5285-494F-93F1-6894C87A9C43} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Tim.TIM-09CF61204FA\Local Settings\Application Data\CyberDefender\cdmyidd.dll O2 - BHO: SpyWarningBHO Class - {F58FF278-2198-403b-9170-C95022A194C6} - C:\Program Files\ASpyC\SpyWarning.dll O3 - Toolbar: Internet Service - {254B87BB-510D-41FA-A887-52C5FA9BE585} - C:\Program Files\Applications\iebr.dll O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\Tim.TIM-09CF61204FA\Local Settings\Application Data\CyberDefender\cdmyidd.dll O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\MOffice.exe O4 - HKLM\..\Run: [sealmon] C:\Program Files\SealedMedia\sealmon.exe O4 - HKLM\..\Run: [uMonit] C:\WINDOWS\system32\umonit.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe" O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\ubpr01.exe O4 - HKCU\..\Run: [ASpyC] "C:\Program Files\ASpyC\ASpyC.exe" O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas280.exe" /minimize O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file) O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.iexplorerfiles.com/redirect.php (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe O9 - Extra button: (no name) - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - (no file) O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing) O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab O16 - DPF: {2703049B-D81D-4763-A3C6-AF8932FCBD8F} (CheckFileStatus.UserControl1) - https://am.hrblock.com/ActivexComponent/CheckFileStatus.CAB O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  14. Logfile of HijackThis v1.99.1 Scan saved at 4:52:08 PM, on 11/20/2005 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\ewido\security suite\ewidoctrl.exe C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe C:\PROGRA~1\VCOM\SYSTEM~1\mxtask.exe C:\Program Files\Dell\Support\Alert\bin\DAMon.exe C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Tim\Desktop\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\SYSTEM~1\MemCheck.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing) O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing) O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://www.support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1126288388373 O17 - HKLM\System\CCS\Services\Tcpip\..\{451F6C44-2D49-4F20-B429-9915696E2321}: NameServer = 68.87.64.196,68.87.66.196 O17 - HKLM\System\CCS\Services\Tcpip\..\{DC0D1CC3-E950-42AE-8897-B201886CB2B8}: NameServer = 68.35.192.5,68.35.192.6 O17 - HKLM\System\CS1\Services\Tcpip\..\{451F6C44-2D49-4F20-B429-9915696E2321}: NameServer = 68.87.64.196,68.87.66.196 O17 - HKLM\System\CS2\Services\Tcpip\..\{451F6C44-2D49-4F20-B429-9915696E2321}: NameServer = 68.87.64.196,68.87.66.196 O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: SystemSuite Task Manager - V Communications, Inc. - C:\PROGRA~1\VCOM\SYSTEM~1\MXTask.exe --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 4:51:27 PM, 11/20/2005 + Report-Checksum: 7D5E3C65 + Scan result: C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Centrport : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup C:\Documents and Settings\Tim\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP416\A0034433.ini -> Adware.SAHA : Cleaned with backup C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP416\A0034434.exe -> TrojanDownloader.Vivia.p : Cleaned with backup C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP416\A0034435.exe -> TrojanDownloader.Vivia.p : Cleaned with backup C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP416\A0034436.exe -> TrojanDownloader.Vivia.p : Cleaned with backup C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP416\A0034437.exe -> TrojanDownloader.Vivia.p : Cleaned with backup C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP418\A0034610.dll/bi.dll -> Spyware.BiSpy : Cleaned with backup C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP418\A0034610.dll/biprep.exe -> Trojan.Bispy.B : Cleaned with backup C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP418\A0034610.dll/bi.dll -> Spyware.BiSpy : Cleaned with backup C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP418\A0034610.dll/biprep.exe -> Trojan.Bispy.B : Cleaned with backup C:\WINDOWS\SYSTEM32\c40b6s.dll/bi.dll -> Spyware.BiSpy : Cleaned with backup C:\WINDOWS\SYSTEM32\c40b6s.dll/biprep.exe -> Trojan.Bispy.B : Cleaned with backup C:\WINDOWS\SYSTEM32\c40b6s.dll/bi.dll -> Spyware.BiSpy : Cleaned with backup C:\WINDOWS\SYSTEM32\c40b6s.dll/biprep.exe -> Trojan.Bispy.B : Cleaned with backup ::Report End
  15. the problem with doing that is that I have XP professional on my computer somehow and have an XP home edition cd, so i cant put in the cd. I think that if I just reload the windows that my update probs will be fixed, but I also think that I will lose all the data saved on my comp. Is that true?
×
×
  • Create New...