
Active AVSecurity Virus

Discussion in 'Malware and Virus Removal Archive' started by rdmu85, 2010/07/06.

  1. 2010/07/06
    rdmu85 Inactive Thread Starter
    [Active] AVSecurity Virus

    Hello, I got this virus yesterday evening by opening an email from a known contact in Yahoo Mail. In safe mode I ran Mbam; it found and deleted 2 files and 6 registry items. Ran AVG and it found nothing. On reboot I ran AVG again after updating, and again it found nothing. Ran Kaspersky Online overnight and it found one item in restore. I turned off system restore and rebooted. Also ran TFC, which I do every week.

    Cannot update SuperAntispyware or Windows Defender, nor can I get a connection through IE. It keeps saying to check my firewall.

    Thank you for your time and help.
    Deb



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Rick and Deb at 8:10:08.42 on Tue 07/06/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.12 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\BCMSMMSG.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
    C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Billeo\billeo.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\Documents and Settings\All Users\Application Data\Weather Pulse 2.2.4.4\weatherpulse.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Rick and Deb\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://my.myway.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    uInternet Settings,ProxyOverride = <local>
    BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Billeo: {465e08e7-f005-4389-980f-1d8764b3486c} - c:\program files\billeo\billeo.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Billeo: {6adb0f93-1aa5-4bcf-9df4-cea689a3c111} - c:\program files\billeo\billeo.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
    EB: Billeo: {6576ebaa-b570-4345-98e4-96153c77cf24} - c:\program files\billeo\billeo.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [BCMSMMSG] BCMSMMSG.exe
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Itiva Media Accelerator] c:\program files\itiva\itiva media accelerator\ItivaMediaAccelerator.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\rickan~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billeo.lnk - c:\program files\billeo\billeo.exe
    mPolicies-explorer: <NO NAME> =
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: pineconeresearch.com\int02
    Trusted Zone: pineconeresearch.com\www
    Trusted Zone: smartsource.com\coupons
    Trusted Zone: smartsource.com\www
    Trusted Zone: windowsupdate.com\download
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
    DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} - hxxp://imagin.munpl.org/wx/client/IrcViewer.cab
    DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} - hxxp://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} - hxxp://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\rickan~1\applic~1\mozilla\firefox\profiles\u4c6amlz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\rick and deb\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\rick and deb\application data\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\itiva\itiva media accelerator\npima.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-11-17 28552]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-8 216200]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-8 29584]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-8 242896]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
    R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]
    S0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-14 64288]
    S2 mrtRate;mrtRate; [x]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]

    =============== Created Last 30 ================


    ==================== Find3M ====================

    2010-07-06 12:49:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-06-02 16:44:12 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-05-13 16:20:57 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-13 16:20:52 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
    2006-11-08 14:17:47 774144 ----a-w- c:\program files\RngInterstitial.dll
    2001-07-26 22:58:46 47 ----a-w- c:\program files\ACMonitor_X73.ini
    2001-07-05 18:46:44 8116 ----a-w- c:\program files\OSLO3071b2.USB
    2001-05-08 22:36:42 114688 ----a-w- c:\program files\lxarscan.dll
    2001-04-23 20:22:14 1437 ----a-w- c:\program files\gtx73.ini
    2008-08-30 13:30:50 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008083020080831\index.dat

    ============= FINISH: 8:12:24.00 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/16/2003 10:46:23 PM
    System Uptime: 7/6/2010 7:31:45 AM (1 hours ago)

    Motherboard: Dell Computer Corp. | | 0N2828
    Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 74 GiB total, 55.646 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 7/6/2010 7:35:32 AM - System Checkpoint

    ==== Installed Programs ======================


    Acrobat.com
    Acrophobia
    Ad-Aware
    Ad-Aware Email Scanner for Outlook
    Adobe AIR
    Adobe Reader 7.0.8
    Adobe Reader 9.3.3
    Adobe Shockwave Player 11.5
    Adobe® Photoshop® Album Starter Edition 3.0
    AiO_Scan_CDA
    AiOSoftwareNPI
    Apple Software Update
    ArtistScope Plugin IE 42
    AVG Free 9.0
    Banctec Service Agreement
    BCM V.92 56K Modem
    Bejeweled Deluxe 1.862
    BroadJump Client Foundation
    BufferChm
    Choice Guard
    Contraptions Demo
    Coupon Printer for Windows
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    Critical Update for Windows Media Player 11 (KB959772)
    Cross Stitch Design Studio
    CustomerResearchQFolder
    Dell Digital Jukebox Driver
    Dell Media Experience
    Dell Networking Guide
    Dell Solution Center
    Dell Support 5.0.0 (766)
    Destinations
    DeviceManagementQFolder
    DocProc
    DS21Patch
    DVD Shrink 3.2
    DVDSentry
    eSupportQFolder
    F300
    F300_Help
    F300Trb
    Facebook Plug-In
    Family Tree Maker 2006
    Family Tree Maker Version 16
    Fax_CDA
    Free Password Manager Plus
    GdiplusUpgrade
    Generations® Deluxe 6
    GenSmarts
    GoGear VIBE Device Manager
    Hard Truck 2
    Help and Support Customization
    HijackThis 2.0.2
    Hot Rod Garage to Glory
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Hoyle Board Games 3 Demo
    Hoyle Card Games 2 OEM
    Hoyle Casino 5
    Hoyle Solitaire and Mahjong
    Hoyle Word Games Demo
    HP Extended Capabilities 6.1
    HP Imaging Device Functions 6.1
    HP Photosmart Essential
    HP Product Assistant
    HP Product Detection
    HP PSC & OfficeJet 6.1.A
    HP Solution Center and Imaging Support Tools 6.1
    HP Update
    HPProductAssistant
    Image Resizer Powertoy for Windows XP
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet
    Internet Explorer Default Page
    Internet Explorer Q903235
    Invoke Solutions Participant 6.2.0.1450
    Itiva Media Accelerator
    Java 2 Runtime Environment, SE v1.4.2
    Java(TM) 6 Update 17
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Keynote Connector
    KODAK EASYSHARE Gallery Upload ActiveX Control
    Lizardtech DjVu Control (autoinstall)
    Logitech Gaming Software
    Logitech MouseWare 9.70
    Malwarebytes' Anti-Malware
    MarketResearch
    MasterCook 6: Deluxe Edition
    Match-Up!
    Media Converter for Philips
    MediaFACE 4.0
    MediaFACE 4.0 Image Library
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Command & Control Engine
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Picture It! Photo 7.0
    Microsoft Silverlight
    Microsoft Speech API 3.0
    Microsoft Speech Lexicon
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Word 2002
    Microsoft Works 2003 Setup Launcher
    Microsoft Works 7.0
    Microsoft Works Suite Add-in for Microsoft Word
    Modem Helper
    Move Media Player
    Mozilla Firefox (3.0.10)
    MSVCRT
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB933579)
    MUSICMATCH® Jukebox
    NewCopy_CDA
    NVIDIA Display Driver
    NVIDIA Drivers
    Panda ActiveScan
    Panda ActiveScan 2.0
    Panda spyXposer
    PCStitch 5
    PCStitch Lite
    PCStitch Pattern Viewer
    Picasa 3
    PowerDVD
    ProductContextNPI
    Puzzle Master
    Qualxserve Service Agreement
    Quicken 2004
    QuickTime
    Readme
    RealArcade
    RealOne Player
    Rhapsody
    Ricochet Lost Worlds
    Riddle of the Sphinx(tm)
    ROBLOX
    Scan
    ScannerCopy
    Secunia PSI
    Security Update for CAPICOM (KB931906)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Segoe UI
    Shockwave
    Solitaire
    SolutionCenter
    Sonic DLA
    Sonic MyDVD
    Sonic RecordNow!
    Sonic Update Manager
    Sound Blaster Live!
    Status
    SUPERAntiSpyware Free Edition
    System Requirements Lab
    Tonka Raceway
    Toolbox
    TrayApp
    Ultimate Mahjongg 15
    Unload
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows Internet Explorer 8 (KB980302)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    User Profile Hive Cleanup Service
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Weather Pulse 2.2.4.4
    WebFldrs XP
    WebReg
    WexTech AnswerWorks
    Windows Defender
    Windows Defender Signatures
    Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows XP Service Pack 3
    Works Suite OS Pack
    WOT for Internet Explorer
    XML Paper Specification Shared Components Pack 1.0

    ==== Event Viewer Messages From Past Week ========

    7/5/2010 7:42:54 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    7/5/2010 7:42:54 PM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    7/5/2010 7:42:54 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
    7/5/2010 7:42:54 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    7/5/2010 7:42:54 PM, error: Service Control Manager [7034] - The Creative Service for CDROM Access service terminated unexpectedly. It has done this 1 time(s).
    7/5/2010 7:42:54 PM, error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
    7/5/2010 7:42:54 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    7/5/2010 7:42:54 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    7/5/2010 11:10:04 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    7/5/2010 11:09:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    7/5/2010 11:09:51 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    7/5/2010 11:09:51 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    7/5/2010 11:09:51 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
    6/29/2010 7:41:45 PM, error: Service Control Manager [7000] - The User Profile Hive Cleanup service failed to start due to the following error: The system cannot find the path specified.
    6/29/2010 7:41:45 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
    6/29/2010 7:41:45 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    6/29/2010 7:41:45 PM, error: Service Control Manager [7000] - The Lexmark X73 MFP Scanner service failed to start due to the following error: The system cannot find the file specified.

    ==== End Of File ===========================
     
  2. 2010/07/06
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please run MBA-M in normal mode and post the log.

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

  4. 2010/07/06
    rdmu85

    Mbam log

    Thank you for your time and help!

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4286

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/6/2010 8:55:33 PM
    mbam-log-2010-07-06 (20-55-33).txt

    Scan type: Quick scan
    Objects scanned: 173371
    Time elapsed: 10 minute(s), 4 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2010/07/06
    rdmu85

    OTL log

    OTL logfile created on: 7/6/2010 9:03:32 PM - Run 1
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Rick and Deb\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 49.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
    Paging file location(s): C:\pagefile.sys 800 1600 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.46 Gb Total Space | 55.51 Gb Free Space | 74.55% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: RDMU85
    Current User Name: Rick and Deb
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/06 20:43:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick and Deb\Desktop\OTL.exe
    PRC - [2010/07/06 07:48:47 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/06/16 12:35:01 | 001,441,280 | ---- | M] (Billeo, Inc.) -- C:\Program Files\Billeo\billeo.exe
    PRC - [2010/06/02 11:44:13 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/06/02 11:44:11 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/06/02 11:44:10 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/06/02 11:43:30 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/06/02 11:43:28 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/03/12 11:56:48 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/12 11:55:41 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2008/06/04 18:09:56 | 004,994,288 | ---- | M] (Itiva Digital Media) -- C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
    PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
    PRC - [2002/07/10 11:03:34 | 000,024,651 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    PRC - [2002/07/01 10:50:00 | 000,028,672 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/07/06 20:43:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick and Deb\Desktop\OTL.exe
    MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
    MOD - [2002/07/01 10:50:00 | 000,024,576 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (UPHClean)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/06 07:48:47 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/12 11:56:48 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/12 11:55:41 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2009/02/14 17:45:44 | 000,266,240 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CSHelper.exe -- (CSHelper)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Alltel\QUICKL~1\SMNDIS5.SYS -- (SMNDIS5)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\Lxarscan.sys -- (LXARScan)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\RICKAN~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/06 07:49:09 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/06/02 11:44:12 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/06/02 11:44:11 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/03/12 11:55:40 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/05 16:06:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/08/05 16:06:28 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009/08/05 16:06:28 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2009/03/24 06:03:08 | 000,007,808 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\psi_mf.sys -- (PSI)
    DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
    DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/05/02 14:15:48 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon)
    DRV - [2005/06/03 15:08:47 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2004/05/14 00:54:34 | 000,014,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmHidLo.sys -- (WmHidLo)
    DRV - [2004/05/14 00:54:32 | 000,021,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys -- (WmFilter)
    DRV - [2004/05/14 00:54:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys -- (WmBEnum)
    DRV - [2004/05/14 00:54:26 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys -- (WmVirHid)
    DRV - [2004/05/14 00:54:24 | 000,044,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys -- (WmXlCore)
    DRV - [2003/09/22 12:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2003/09/22 08:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2003/09/22 08:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
    DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
    DRV - [2003/08/06 02:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2003/08/06 02:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2003/08/06 02:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2003/08/06 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2003/08/06 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2003/08/06 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2003/08/06 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2003/08/06 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2003/08/06 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2003/07/31 04:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2003/07/14 12:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2003/07/14 12:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
    DRV - [2003/06/20 03:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
    DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2002/07/02 11:20:51 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.sys -- (LMouFlt2)
    DRV - [2002/07/02 11:20:51 | 000,040,508 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDUSB.SYS -- (LHidUsb)
    DRV - [2002/07/02 11:20:51 | 000,023,854 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDFLT2.SYS -- (LHidFlt2)
    DRV - [2002/07/02 11:20:51 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LKbdFlt2.sys -- (LKbdFlt2)
    DRV - [2002/07/02 11:20:50 | 000,050,830 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Pr2.sys -- (l8042pr2)
    DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
    DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://my.myway.com/ "
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/04 19:47:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/06/19 16:19:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/05 21:18:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/06 13:42:24 | 000,000,000 | ---D | M]

    [2009/04/17 09:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Mozilla\Extensions
    [2010/07/06 13:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Mozilla\Firefox\Profiles\u4c6amlz.default\extensions
    [2008/05/24 12:13:38 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Rick and Deb\Application Data\Mozilla\Firefox\Profiles\u4c6amlz.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
    [2010/06/16 12:35:54 | 000,000,000 | ---D | M] (Billeo) -- C:\Documents and Settings\Rick and Deb\Application Data\Mozilla\Firefox\Profiles\u4c6amlz.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
    [2009/04/17 09:34:02 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Rick and Deb\Application Data\Mozilla\Firefox\Profiles\u4c6amlz.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    [2010/07/06 13:41:53 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Rick and Deb\Application Data\Mozilla\Firefox\Profiles\u4c6amlz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/07/06 13:42:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/01/09 12:58:57 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    [2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2009/12/31 21:00:16 | 000,000,698 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Billeo) - {465E08E7-F005-4389-980F-1D8764B3486C} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Billeo) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Billeo) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
    O4 - HKLM..\Run: [Itiva Media Accelerator] C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe (Itiva Digital Media)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\billeo.lnk = C:\Program Files\Billeo\billeo.exe (Billeo, Inc.)
    O4 - Startup: C:\Documents and Settings\Rick and Deb\Start Menu\Programs\Startup\WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll File not found
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll File not found
    O12 - Plugin for: .hlq - C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll (Octopus Media, LLC.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: pineconeresearch.com ([int02] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: pineconeresearch.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: smartsource.com ([coupons] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: smartsource.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} http://imagin.munpl.org/wx/client/IrcViewer.cab (CompositeView Control)
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab (DjVuCtl Class)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Keynote Connector Launcher 2)
    O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} http://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab (Invoke Solutions Participant Control(MR))
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Rick and Deb\Application Data\Microsoft\Internet Explorer\Pitts at night.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rick and Deb\Application Data\Microsoft\Internet Explorer\Pitts at night.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    Continues in next post...
     
  6. 2010/07/06
    rdmu85

    OTL cont.

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: Ip6FwHlp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2100/02/08 17:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
    [2010/07/06 20:43:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rick and Deb\Desktop\OTL.exe
    [2010/07/06 13:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2010/07/06 07:53:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2010/07/05 10:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick and Deb\Local Settings\Application Data\fvrmajhrk
    [2010/06/19 16:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Rhapsody
    [2010/06/19 16:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick and Deb\Local Settings\Application Data\ArcSoft
    [2010/06/19 16:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick and Deb\Application Data\ArcSoft
    [2010/06/19 16:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
    [2010/06/19 16:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
    [2010/06/19 16:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
    [2010/06/19 16:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Philips
    [2010/06/19 16:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick and Deb\Application Data\InstallShield
    [2010/06/11 16:40:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rick and Deb\Recent
    [2010/06/10 09:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick and Deb\My Documents\ING statements
    [2010/05/27 09:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick and Deb\Application Data\Facebook
    [2010/05/13 11:21:06 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/05/13 11:15:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010/05/13 11:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2002/04/11 01:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/07/06 21:06:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{87C44D87-F9C6-459D-81C4-A62EC70C25E7}.job
    [2010/07/06 20:43:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick and Deb\Desktop\OTL.exe
    [2010/07/06 19:45:21 | 000,001,363 | ---- | M] () -- C:\WINDOWS\WIN.INI
    [2010/07/06 19:45:21 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
    [2010/07/06 08:25:21 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/06 08:08:18 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\dds.scr
    [2010/07/06 07:52:14 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/07/06 07:49:09 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/07/06 07:34:25 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\billeo.lnk
    [2010/07/06 07:34:05 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/07/06 07:33:53 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/07/06 07:32:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/06 07:32:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/07/06 07:31:02 | 016,252,928 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\ntuser.dat
    [2010/07/06 07:31:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rick and Deb\NTUSER.INI
    [2010/07/06 07:26:10 | 061,677,838 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/06 07:24:23 | 000,002,943 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\Kaspersky.html
    [2010/07/05 09:45:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\jucheck.job
    [2010/07/02 13:22:27 | 000,002,185 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2010/07/01 07:56:18 | 000,013,725 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\NoLemon_Pie.pdf
    [2010/06/23 07:42:38 | 000,553,592 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/23 07:42:38 | 000,478,748 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2010/06/23 07:42:38 | 000,085,154 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2010/06/22 18:49:17 | 001,156,692 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\pattern.jpg
    [2010/06/20 22:08:05 | 000,826,431 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\HealthForm[1].pdf
    [2010/06/20 08:24:22 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
    [2010/06/20 08:24:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/19 17:14:41 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Application Data\mcs.rma
    [2010/06/19 17:14:41 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Application Data\E788F1
    [2010/06/19 16:15:46 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Philips GoGear VIBE Device Manager.lnk
    [2010/06/18 09:47:31 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\obits.bmp
    [2010/06/14 14:24:07 | 000,022,621 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\untitled2.JPG
    [2010/06/12 08:13:33 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\Schmidtchen Church records.doc
    [2010/06/10 19:24:10 | 000,409,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/10 19:13:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/02 11:44:12 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/06/02 11:44:11 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/05/28 15:52:03 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\My Documents\Thrifty Parking coupon.doc
    [2010/05/24 21:38:52 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\My Documents\Trip.doc
    [2010/05/22 18:22:22 | 001,018,943 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\My Documents\john in drag.JPG
    [2010/05/18 09:02:01 | 000,012,351 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\Death_by_mail pa.pdf
    [2010/05/13 11:20:57 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/05/13 11:20:52 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/05/13 11:15:30 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/05/12 14:57:56 | 000,041,642 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\schmidtchen.rtf
    [2010/05/09 15:56:33 | 000,159,232 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\My Documents\the helmet.doc
    [2010/04/30 20:40:46 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/04/29 21:54:44 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\My Documents\Ramada Burbank Airport.doc
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/25 12:52:23 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\stein.bmp

    ========== Files Created - No Company Name ==========

    [2100/02/23 15:35:34 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
    [2100/02/08 16:53:34 | 000,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
    [2010/07/06 08:08:25 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\dds.scr
    [2010/07/06 08:05:45 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/06 07:24:23 | 000,002,943 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\Kaspersky.html
    [2010/07/01 07:56:18 | 000,013,725 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\NoLemon_Pie.pdf
    [2010/06/22 18:49:05 | 001,156,692 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\pattern.jpg
    [2010/06/20 22:08:05 | 000,826,431 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\HealthForm[1].pdf
    [2010/06/19 16:45:09 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Application Data\mcs.rma
    [2010/06/19 16:45:09 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Application Data\E788F1
    [2010/06/19 16:15:46 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Philips GoGear VIBE Device Manager.lnk
    [2010/06/14 08:52:40 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\My Documents\Trip.doc
    [2010/06/14 08:49:17 | 001,018,943 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\My Documents\john in drag.JPG
    [2010/06/14 08:45:51 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\My Documents\Ramada Burbank Airport.doc
    [2010/05/28 15:51:44 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\My Documents\Thrifty Parking coupon.doc
    [2010/05/28 08:51:39 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\Schmidtchen Church records.doc
    [2010/05/18 09:02:01 | 000,012,351 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\Death_by_mail pa.pdf
    [2010/05/13 11:15:30 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/05/12 13:06:03 | 000,041,642 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\schmidtchen.rtf
    [2010/05/09 15:56:32 | 000,159,232 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\My Documents\the helmet.doc
    [2010/05/05 10:46:31 | 000,022,621 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\untitled2.JPG
    [2009/08/02 17:07:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\.picasa.ini
    [2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/09/20 19:16:16 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
    [2007/07/25 08:21:17 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2007/05/02 14:15:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
    [2007/03/27 16:33:27 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2006/12/25 10:22:19 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/12/04 20:00:15 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2006/12/04 20:00:15 | 000,000,177 | ---- | C] () -- C:\WINDOWS\kpcms.ini
    [2006/07/31 08:57:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Rick and Deb.ini
    [2006/07/22 21:42:07 | 000,000,043 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
    [2006/06/28 07:57:36 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
    [2006/06/24 21:07:31 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2006/05/15 15:55:20 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PZMSTART.INI
    [2005/12/30 17:32:31 | 000,189,952 | ---- | C] () -- C:\WINDOWS\Qcard32.dll
    [2005/11/27 12:32:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
    [2005/09/29 17:04:50 | 000,000,215 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
    [2005/09/17 16:47:18 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2005/01/24 20:11:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DVDSentry.ini
    [2004/12/19 16:35:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/12/01 18:54:47 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
    [2004/12/01 18:54:46 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
    [2004/12/01 18:53:44 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2004/11/08 18:42:36 | 000,000,482 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2004/09/30 15:26:32 | 000,004,688 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2004/07/02 14:35:26 | 000,000,058 | ---- | C] () -- C:\WINDOWS\Tonka_Raceway.INI
    [2004/06/28 13:03:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2004/05/25 14:19:06 | 000,001,774 | ---- | C] () -- C:\WINDOWS\Pcs5.ini
    [2004/03/13 17:18:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2004/03/12 17:34:13 | 000,000,036 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
    [2004/02/09 17:08:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2004/02/07 18:32:39 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
    [2004/02/07 18:30:52 | 000,000,799 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2004/01/11 11:41:38 | 000,000,092 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2004/01/01 15:42:18 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
    [2004/01/01 13:59:16 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
    [2004/01/01 13:57:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
    [2004/01/01 13:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2004/01/01 13:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2003/12/19 17:13:11 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SSAW.INI
    [2003/12/17 14:18:19 | 000,002,185 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2003/12/17 14:18:16 | 000,001,270 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2003/12/17 14:02:16 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
    [2003/12/11 19:28:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/12/11 19:21:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2003/12/11 19:21:31 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
    [2003/12/11 19:21:31 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2003/12/11 19:21:30 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
    [2003/12/11 19:21:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
    [2003/12/11 19:21:00 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2003/12/11 19:19:45 | 000,000,192 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2003/12/11 19:15:00 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/12/11 18:57:26 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2003/12/11 18:44:30 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2003/10/06 15:16:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2003/10/06 15:16:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2003/10/06 15:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2003/10/06 15:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2003/08/14 00:13:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/07/08 14:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
    [2002/11/26 22:12:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
    [2002/11/26 22:12:00 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
    [2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
    [2002/09/30 06:10:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
    [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2001/10/12 08:42:50 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
    [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2000/10/24 10:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2000/10/24 10:08:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
    [1999/04/20 04:15:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\unvise32.dll
    [1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

    ========== LOP Check ==========

    [2009/12/12 08:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2007/06/11 21:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\billeo
    [2004/03/16 17:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
    [2008/05/12 17:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
    [2008/08/10 13:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2008/07/05 19:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Itiva
    [2008/06/01 08:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    [2008/06/26 17:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ROBLOX
    [2008/08/21 20:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RobloxDownloads
    [2008/11/22 13:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/08/10 17:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
    [2009/12/12 18:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Pulse 2.2.4.1
    [2009/12/14 06:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Pulse 2.2.4.3
    [2010/02/25 14:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Pulse 2.2.4.4
    [2010/05/13 11:15:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2009/11/19 10:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\AVG9
    [2009/02/23 13:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\CoxFastConnect20
    [2010/01/09 12:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\E-centives
    [2010/05/27 09:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Facebook
    [2008/06/01 08:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\GameHouse
    [2009/03/02 16:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Image Zone Express
    [2009/01/03 21:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Keynote Systems
    [2003/12/19 13:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Leadertech
    [2007/03/27 16:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\MyFamily.com
    [2008/10/08 09:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\OfficeUpdate12
    [2006/01/03 11:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\pixelStorm
    [2007/11/19 21:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Printer Info Cache
    [2008/06/26 17:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\ROBLOX
    [2005/12/01 21:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Smith Micro
    [2007/11/22 19:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Viewpoint
    [2004/01/29 14:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Vividence
    [2009/08/22 09:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Weather Pulse
    [2009/12/14 06:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\WeatherPulse
    [2010/07/06 07:52:14 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/07/05 09:45:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job
    [2010/07/06 08:25:21 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/07/06 21:06:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{87C44D87-F9C6-459D-81C4-A62EC70C25E7}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe


    < MD5 for: AGP440.SYS >
    [2005/12/25 20:28:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
    [2008/08/29 20:57:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
    [2005/12/25 20:28:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
    [2008/08/29 20:57:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
    [2004/08/04 01:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
    [2001/08/17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

    < MD5 for: ATAPI.SYS >
    [2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
    [2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp1.cab:atapi.sys
    [2005/12/25 20:28:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
    [2008/08/29 20:57:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
    [2005/12/25 20:28:59 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
    [2008/08/29 20:57:19 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2002/08/29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys
    [2002/08/29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
    [2004/08/04 00:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2003/04/23 10:29:54 | 000,087,296 | ---- | M] (Microsoft Corporation) MD5=E52B3B3F78C9AE85806CE49DCDD80C18 -- C:\I386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
    [2004/08/04 02:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
    [2002/08/29 06:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
    [2002/08/29 06:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
    [2004/08/04 02:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 02:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2002/08/29 06:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2002/09/03 09:47:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
    [2002/09/03 09:47:18 | 000,602,112 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
    [2002/09/03 09:47:18 | 000,380,928 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV
    < End of report >
     
  7. 2010/07/06
    rdmu85

    Extra Log

    OTL Extras logfile created on: 7/6/2010 9:03:32 PM - Run 1
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Rick and Deb\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 251.00 Mb Available Physical Memory | 49.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
    Paging file location(s): C:\pagefile.sys 800 1600 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.46 Gb Total Space | 55.51 Gb Free Space | 74.55% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: RDMU85
    Current User Name: Rick and Deb
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:HP Software Update Client -- (Hewlett-Packard)
    "C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
    "C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" = C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator -- (Itiva Digital Media)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Disabled:Java(TM) Web Start Launcher -- (Sun Microsystems, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
    "{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
    "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
    "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
    "{272C2E66-6D29-4FB3-835B-05A4ED8E63FD}" = ROBLOX
    "{2B59AB31-EBD0-45E4-A725-7112904DA605}" = Family Tree Maker Version 16
    "{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
    "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
    "{410438A3-B591-4028-B70A-3CC0B33FBCD1}" =
    "{439800C9-FD42-4EA3-94D2-063DF0926873}" = Match-Up!
    "{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
    "{494C271C-1528-4886-A78C-BFB3C823A37B}" = MediaFACE 4.0 Image Library
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
    "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
    "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
    "{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
    "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.70
    "{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = Sonic MyDVD
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{648F9C94-EC44-487B-9DA4-44ED72A082CC}" = Logitech Gaming Software
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
    "{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
    "{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B5D7474-999D-4FEE-891C-995B0B4FFE9B}" = Hot Rod Garage to Glory
    "{7BB3D57E-6FA1-47A1-8068-A405F81CE4E4}" = PCStitch Pattern Viewer
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
    "{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
    "{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
    "{9B79DCB0-AAD7-456B-8D07-433C936FA24B}" = DS21Patch
    "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
    "{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel(R) PROSet
    "{AAA11090-6E99-4655-AAF5-57EB5F677D0C}" = MarketResearch
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.8
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
    "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
    "{D6773D4D-524A-4BC2-B6C5-00BAC71A4260}" = Cross Stitch Design Studio
    "{D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}_is1" = Invoke Solutions Participant 6.2.0.1450
    "{DB6BD5D5-8482-45C0-99CF-745C5B924497}" = WOT for Internet Explorer
    "{DDF7C002-D51E-4F4D-92FE-3CC3B4112F5B}" = Contraptions Demo
    "{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
    "{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
    "{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
    "{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
    "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
    "{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
    "{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FE6A5302-7D78-4581-A05D-3CBE6B7E02FA}" = PCStitch Lite
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
    "Acrophobia" = Acrophobia
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "ArtistScope Plugin IE 424.2.0.0" = ArtistScope Plugin IE 42
    "AVG9Uninstall" = AVG Free 9.0
    "BCM V.92 56K Modem" = BCM V.92 56K Modem
    "Bejeweled Deluxe 1.862" = Bejeweled Deluxe 1.862
    "BroadJump Client Foundation" = BroadJump Client Foundation
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows2.0" = Coupon Printer for Windows
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "DellSupport" = Dell Support 5.0.0 (766)
    "DjVu" = Lizardtech DjVu Control (autoinstall)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "Free Password Manager Plus" = Free Password Manager Plus
    "Generations® Deluxe 6" = Generations® Deluxe 6
    "GenSmarts_is1" = GenSmarts
    "Hard Truck 2" = Hard Truck 2
    "HijackThis" = HijackThis 2.0.2
    "Hoyle Board Games 3 Demo" = Hoyle Board Games 3 Demo
    "Hoyle Card Games 2 OEM" = Hoyle Card Games 2 OEM
    "Hoyle Casino 5" = Hoyle Casino 5
    "Hoyle Solitaire and Mahjong" = Hoyle Solitaire and Mahjong
    "Hoyle Word Games Demo" = Hoyle Word Games Demo
    "HP Imaging Device Functions" = HP Imaging Device Functions 6.1
    "HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
    "HPExtendedCapabilities" = HP Extended Capabilities 6.1
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{494C271C-1528-4886-A78C-BFB3C823A37B}" = MediaFACE 4.0 Image Library
    "InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
    "InstallShield_{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
    "Itiva Media Accelerator" = Itiva Media Accelerator
    "KeynoteConnector" = Keynote Connector
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MasterCook 6: Deluxe Edition" = MasterCook 6: Deluxe Edition
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
    "MSCnC" = Microsoft Command & Control Engine
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSLex" = Microsoft Speech Lexicon
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Display Driver" = NVIDIA Display Driver
    "NVIDIA Drivers" = NVIDIA Drivers
    "OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
    "Panda ActiveScan" = Panda ActiveScan
    "Panda spyXposer" = Panda spyXposer
    "PCStitch 5" = PCStitch 5
    "Picasa 3" = Picasa 3
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "Puzzle Master" = Puzzle Master
    "Q903235" = Internet Explorer Q903235
    "RealArcade 1.2" = RealArcade
    "RealPlayer 6.0" = RealOne Player
    "Rhapsody" = Rhapsody
    "Ricochet Lost Worlds_is1" = Ricochet Lost Worlds
    "ROTS_Remove" = Riddle of the Sphinx(tm)
    "Secunia PSI" = Secunia PSI
    "Shockwave" = Shockwave
    "Solitaire" = Solitaire
    "SpeechAPI" = Microsoft Speech API 3.0
    "SystemRequirementsLab" = System Requirements Lab
    "Tonka Raceway" = Tonka Raceway
    "Ultimate Mahjongg 15" = Ultimate Mahjongg 15
    "Weather Pulse 2.2.4.4" = Weather Pulse 2.2.4.4
    "WIC" = Windows Imaging Component
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2003Setup" = Microsoft Works 2003 Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 7/1/2010 9:05:59 AM | Computer Name = RDMU85 | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 7/2/2010 9:16:51 AM | Computer Name = RDMU85 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 7/2/2010 9:17:15 AM | Computer Name = RDMU85 | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 7/3/2010 12:26:08 PM | Computer Name = RDMU85 | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 7/3/2010 12:26:12 PM | Computer Name = RDMU85 | Source = Application Error | ID = 1001
    Description = Fault bucket 1188882954.

    Error - 7/5/2010 7:22:14 PM | Computer Name = RDMU85 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 7/5/2010 7:22:18 PM | Computer Name = RDMU85 | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 7/6/2010 9:03:21 AM | Computer Name = RDMU85 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
    P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

    Error - 7/6/2010 9:28:25 AM | Computer Name = RDMU85 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
    P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

    Error - 7/6/2010 9:33:28 AM | Computer Name = RDMU85 | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80072efd, P2 endsearch, P3 search, P4 1.1.1593.0,
    P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

    [ System Events ]
    Error - 7/5/2010 8:42:54 PM | Computer Name = RDMU85 | Source = Service Control Manager | ID = 7034
    Description = The NVIDIA Display Driver Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 7/5/2010 8:42:54 PM | Computer Name = RDMU85 | Source = Service Control Manager | ID = 7034
    Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 7/5/2010 8:48:08 PM | Computer Name = RDMU85 | Source = Service Control Manager | ID = 7000
    Description = The Lexmark X73 MFP Scanner service failed to start due to the following
    error: %%2

    Error - 7/5/2010 8:48:08 PM | Computer Name = RDMU85 | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 7/5/2010 8:48:08 PM | Computer Name = RDMU85 | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 7/5/2010 8:48:08 PM | Computer Name = RDMU85 | Source = Service Control Manager | ID = 7000
    Description = The User Profile Hive Cleanup service failed to start due to the following
    error: %%3

    Error - 7/6/2010 8:33:50 AM | Computer Name = RDMU85 | Source = Service Control Manager | ID = 7000
    Description = The Lexmark X73 MFP Scanner service failed to start due to the following
    error: %%2

    Error - 7/6/2010 8:33:50 AM | Computer Name = RDMU85 | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 7/6/2010 8:33:50 AM | Computer Name = RDMU85 | Source = Service Control Manager | ID = 7000
    Description = The mrtRate service failed to start due to the following error: %%2

    Error - 7/6/2010 8:33:50 AM | Computer Name = RDMU85 | Source = Service Control Manager | ID = 7000
    Description = The User Profile Hive Cleanup service failed to start due to the following
    error: %%3


    < End of report >
     
  8. 2010/07/06
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/cust...search/ie.html
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:  "ProxyServer" = http=127.0.0.1:5577
      [2010/07/05 10:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick and Deb\Local Settings\Application Data\fvrmajhrk
      FF - prefs.js..browser.startup.homepage:  "http://my.myway.com/ "
      
      :Commands
      [emptyflash]
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post the log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ===========

    How is the pc?
     
  9. 2010/07/07
    rdmu85

    Fix log

    I was able to update SuperAntispyware and also load IE. SuperAntispyware did have a notice saying my homepage was changed to a blank page. I just X'd out the box. Should I allow or block?

    Thank you again for your time!
    ~Deb

    All processes killed
    ========== OTL ==========
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomSearch| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    C:\Documents and Settings\Rick and Deb\Local Settings\Application Data\fvrmajhrk folder moved successfully.
    Prefs.js: "http://my.myway.com/" removed from browser.startup.homepage
    ========== COMMANDS ==========

    [EMPTYFLASH]

    User: Administrator

    User: Administrator.RDMU85

    User: All Users

    User: Default User
    ->Flash cache emptied: 41620 bytes

    User: Guest
    ->Flash cache emptied: 300 bytes

    User: John
    ->Flash cache emptied: 111358 bytes

    User: LocalService

    User: Mike
    ->Flash cache emptied: 72203 bytes

    User: NetworkService

    User: Rick and Deb
    ->Flash cache emptied: 1458000 bytes

    Total Flash Files Cleaned = 2.00 mb


    [EMPTYTEMP]

    User: Administrator

    User: Administrator.RDMU85
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: John
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Mike
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 2152 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Rick and Deb
    ->Temp folder emptied: 108790493 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 128020 bytes
    ->FireFox cache emptied: 97391332 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16369 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 197.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.7.1 log created on 07072010_074228

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  10. 2010/07/07
    rdmu85

    Quickscan log

    OTL logfile created on: 7/7/2010 7:57:11 AM - Run 2
    OTL by OldTimer - Version 3.2.7.1 Folder = C:\Documents and Settings\Rick and Deb\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 211.00 Mb Available Physical Memory | 41.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): C:\pagefile.sys 800 1600 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.46 Gb Total Space | 55.70 Gb Free Space | 74.80% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: RDMU85
    Current User Name: Rick and Deb
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/06 20:43:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick and Deb\Desktop\OTL.exe
    PRC - [2010/07/06 07:48:47 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/06/16 12:35:01 | 001,441,280 | ---- | M] (Billeo, Inc.) -- C:\Program Files\Billeo\billeo.exe
    PRC - [2010/06/02 11:44:13 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/06/02 11:44:11 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/06/02 11:44:10 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/06/02 11:43:30 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/06/02 11:43:28 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/03/12 11:56:48 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/03/12 11:55:41 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2008/06/04 18:09:56 | 004,994,288 | ---- | M] (Itiva Digital Media) -- C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
    PRC - [2002/07/10 11:03:34 | 000,024,651 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    PRC - [2002/07/01 10:50:00 | 000,028,672 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/07/06 20:43:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick and Deb\Desktop\OTL.exe
    MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx
    MOD - [2002/07/01 10:50:00 | 000,024,576 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (UPHClean)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/07/06 07:48:47 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/12 11:56:48 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/03/12 11:55:41 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2009/02/14 17:45:44 | 000,266,240 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CSHelper.exe -- (CSHelper)
    SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\Alltel\QUICKL~1\SMNDIS5.SYS -- (SMNDIS5)
    DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\Lxarscan.sys -- (LXARScan)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\RICKAN~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/06 07:49:09 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/06/02 11:44:12 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/06/02 11:44:11 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/03/12 11:55:40 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/05 16:06:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/08/05 16:06:28 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2009/08/05 16:06:28 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
    DRV - [2009/03/24 06:03:08 | 000,007,808 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\psi_mf.sys -- (PSI)
    DRV - [2008/05/16 14:01:00 | 006,557,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
    DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/05/02 14:15:48 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon)
    DRV - [2005/06/03 15:08:47 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
    DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
    DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
    DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
    DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
    DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
    DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
    DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
    DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
    DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
    DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
    DRV - [2004/05/14 00:54:34 | 000,014,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmHidLo.sys -- (WmHidLo)
    DRV - [2004/05/14 00:54:32 | 000,021,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmFilter.sys -- (WmFilter)
    DRV - [2004/05/14 00:54:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmBEnum.sys -- (WmBEnum)
    DRV - [2004/05/14 00:54:26 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmVirHid.sys -- (WmVirHid)
    DRV - [2004/05/14 00:54:24 | 000,044,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\WmXlCore.sys -- (WmXlCore)
    DRV - [2003/09/22 12:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
    DRV - [2003/09/22 08:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2003/09/22 08:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
    DRV - [2003/08/29 05:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
    DRV - [2003/08/06 02:04:00 | 000,100,373 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2003/08/06 02:04:00 | 000,098,068 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2003/08/06 02:04:00 | 000,083,284 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2003/08/06 02:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2003/08/06 02:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2003/08/06 02:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2003/08/06 02:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2003/08/06 02:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2003/08/06 02:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2003/07/31 04:21:00 | 000,084,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2003/07/14 12:28:40 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2003/07/14 12:28:22 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
    DRV - [2003/06/20 03:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
    DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
    DRV - [2002/07/02 11:20:51 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.sys -- (LMouFlt2)
    DRV - [2002/07/02 11:20:51 | 000,040,508 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDUSB.SYS -- (LHidUsb)
    DRV - [2002/07/02 11:20:51 | 000,023,854 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LHIDFLT2.SYS -- (LHidFlt2)
    DRV - [2002/07/02 11:20:51 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LKbdFlt2.sys -- (LKbdFlt2)
    DRV - [2002/07/02 11:20:50 | 000,050,830 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Pr2.sys -- (l8042pr2)
    DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
    DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: " "
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/04 19:47:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2010/06/19 16:19:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/05 21:18:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/07 07:49:21 | 000,000,000 | ---D | M]

    [2009/04/17 09:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Mozilla\Extensions
    [2010/07/07 07:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Mozilla\Firefox\Profiles\u4c6amlz.default\extensions
    [2008/05/24 12:13:38 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Rick and Deb\Application Data\Mozilla\Firefox\Profiles\u4c6amlz.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
    [2010/06/16 12:35:54 | 000,000,000 | ---D | M] (Billeo) -- C:\Documents and Settings\Rick and Deb\Application Data\Mozilla\Firefox\Profiles\u4c6amlz.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}
    [2009/04/17 09:34:02 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Rick and Deb\Application Data\Mozilla\Firefox\Profiles\u4c6amlz.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    [2010/07/06 13:42:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/01/09 12:58:57 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
    [2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2010/07/07 07:46:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Billeo) - {465E08E7-F005-4389-980F-1D8764B3486C} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (Billeo) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Billeo) - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - c:\Program Files\Billeo\billeo.dll (Billeo, Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
    O4 - HKLM..\Run: [Itiva Media Accelerator] C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe (Itiva Digital Media)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\billeo.lnk = C:\Program Files\Billeo\billeo.exe (Billeo, Inc.)
    O4 - Startup: C:\Documents and Settings\Rick and Deb\Start Menu\Programs\Startup\WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (Microsoft® Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll File not found
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll File not found
    O12 - Plugin for: .hlq - C:\Program Files\Internet Explorer\PLUGINS\NpHcd32.dll (Octopus Media, LLC.)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: pineconeresearch.com ([int02] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: pineconeresearch.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: smartsource.com ([coupons] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: smartsource.com ([www] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/Dcode/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} http://imagin.munpl.org/wx/client/IrcViewer.cab (CompositeView Control)
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.celartem.com/en/download/data/djvu_autoinstall/DjVuControl_en_US.cab (DjVuCtl Class)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)
    O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective.keynote.com/applications/pconnector/download/ConnectorLauncher.cab (Keynote Connector Launcher 2)
    O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll (CSEQueryObject Object)
    O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} http://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab (Invoke Solutions Participant Control(MR))
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Rick and Deb\Application Data\Microsoft\Internet Explorer\Pitts at night.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rick and Deb\Application Data\Microsoft\Internet Explorer\Pitts at night.bmp
    O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2100/02/08 17:03:54 | 000,053,248 | ---- | C] (Silitek Corp.) -- C:\Program Files\ACMonitor_X73.exe
    [2010/07/07 07:42:28 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/06 20:43:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rick and Deb\Desktop\OTL.exe
    [2010/06/19 16:23:25 | 000,000,000 | ---D | C] -- C:\Program Files\Rhapsody
    [2010/06/19 16:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick and Deb\Local Settings\Application Data\ArcSoft
    [2010/06/19 16:20:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick and Deb\Application Data\ArcSoft
    [2010/06/19 16:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
    [2010/06/19 16:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
    [2010/06/19 16:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
    [2010/06/19 16:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Philips
    [2010/06/19 16:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick and Deb\Application Data\InstallShield
    [2010/06/11 16:40:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rick and Deb\Recent
    [2010/06/10 09:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick and Deb\My Documents\ING statements
    [2010/05/27 09:29:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick and Deb\Application Data\Facebook
    [2010/05/13 11:21:06 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/05/13 11:15:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010/05/13 11:13:51 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2002/04/11 01:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/07/07 08:01:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{87C44D87-F9C6-459D-81C4-A62EC70C25E7}.job
    [2010/07/07 07:55:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/07/07 07:51:04 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\billeo.lnk
    [2010/07/07 07:50:51 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2010/07/07 07:50:42 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
    [2010/07/07 07:49:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/07 07:48:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
    [2010/07/07 07:47:12 | 016,252,928 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\ntuser.dat
    [2010/07/07 07:47:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rick and Deb\NTUSER.INI
    [2010/07/07 07:46:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
    [2010/07/06 22:32:32 | 061,697,329 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/06 20:43:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick and Deb\Desktop\OTL.exe
    [2010/07/06 19:45:21 | 000,001,363 | ---- | M] () -- C:\WINDOWS\WIN.INI
    [2010/07/06 19:45:21 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
    [2010/07/06 08:25:21 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/06 08:08:18 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\dds.scr
    [2010/07/06 07:49:09 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/07/06 07:24:23 | 000,002,943 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\Kaspersky.html
    [2010/07/05 09:45:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\jucheck.job
    [2010/07/02 13:22:27 | 000,002,185 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
    [2010/07/01 07:56:18 | 000,013,725 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\NoLemon_Pie.pdf
    [2010/06/23 07:42:38 | 000,553,592 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/23 07:42:38 | 000,478,748 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
    [2010/06/23 07:42:38 | 000,085,154 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
    [2010/06/22 18:49:17 | 001,156,692 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\pattern.jpg
    [2010/06/20 22:08:05 | 000,826,431 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\HealthForm[1].pdf
    [2010/06/20 08:24:22 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
    [2010/06/20 08:24:22 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/06/19 17:14:41 | 000,870,128 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Application Data\mcs.rma
    [2010/06/19 17:14:41 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Application Data\E788F1
    [2010/06/19 16:15:46 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Philips GoGear VIBE Device Manager.lnk
    [2010/06/18 09:47:31 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\obits.bmp
    [2010/06/14 14:24:07 | 000,022,621 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\untitled2.JPG
    [2010/06/12 08:13:33 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\Schmidtchen Church records.doc
    [2010/06/10 19:24:10 | 000,409,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/10 19:13:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/02 11:44:12 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/06/02 11:44:11 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/05/28 15:52:03 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\My Documents\Thrifty Parking coupon.doc
    [2010/05/24 21:38:52 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\My Documents\Trip.doc
    [2010/05/22 18:22:22 | 001,018,943 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\My Documents\john in drag.JPG
    [2010/05/18 09:02:01 | 000,012,351 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\Death_by_mail pa.pdf
    [2010/05/13 11:20:57 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/05/13 11:20:52 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/05/13 11:15:30 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/05/12 14:57:56 | 000,041,642 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\schmidtchen.rtf
    [2010/05/09 15:56:33 | 000,159,232 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\My Documents\the helmet.doc
    [2010/04/30 20:40:46 | 000,226,728 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
    [2010/04/29 21:54:44 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\My Documents\Ramada Burbank Airport.doc
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/25 12:52:23 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Rick and Deb\Desktop\stein.bmp

    ========== Files Created - No Company Name ==========

    [2100/02/23 15:35:34 | 000,000,768 | ---- | C] () -- C:\Program Files\x73_lut.dat
    [2100/02/08 16:53:34 | 000,001,437 | ---- | C] () -- C:\Program Files\gtx73.ini
    [2010/07/06 08:08:25 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\dds.scr
    [2010/07/06 08:05:45 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/07/06 07:24:23 | 000,002,943 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\Kaspersky.html
    [2010/07/01 07:56:18 | 000,013,725 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\NoLemon_Pie.pdf
    [2010/06/22 18:49:05 | 001,156,692 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\pattern.jpg
    [2010/06/20 22:08:05 | 000,826,431 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\HealthForm[1].pdf
    [2010/06/19 16:45:09 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Application Data\mcs.rma
    [2010/06/19 16:45:09 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Application Data\E788F1
    [2010/06/19 16:15:46 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Philips GoGear VIBE Device Manager.lnk
    [2010/06/14 08:52:40 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\My Documents\Trip.doc
    [2010/06/14 08:49:17 | 001,018,943 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\My Documents\john in drag.JPG
    [2010/06/14 08:45:51 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\My Documents\Ramada Burbank Airport.doc
    [2010/05/28 15:51:44 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\My Documents\Thrifty Parking coupon.doc
    [2010/05/28 08:51:39 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\Schmidtchen Church records.doc
    [2010/05/18 09:02:01 | 000,012,351 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\Death_by_mail pa.pdf
    [2010/05/13 11:15:30 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/05/12 13:06:03 | 000,041,642 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\schmidtchen.rtf
    [2010/05/09 15:56:32 | 000,159,232 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\My Documents\the helmet.doc
    [2010/05/05 10:46:31 | 000,022,621 | ---- | C] () -- C:\Documents and Settings\Rick and Deb\Desktop\untitled2.JPG
    [2009/08/02 17:07:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\.picasa.ini
    [2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2007/09/20 19:16:16 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
    [2007/07/25 08:21:17 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
    [2007/05/02 14:15:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys
    [2007/03/27 16:33:27 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2006/12/25 10:22:19 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2006/12/04 20:00:15 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
    [2006/12/04 20:00:15 | 000,000,177 | ---- | C] () -- C:\WINDOWS\kpcms.ini
    [2006/07/31 08:57:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Rick and Deb.ini
    [2006/07/22 21:42:07 | 000,000,043 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
    [2006/06/28 07:57:36 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
    [2006/06/24 21:07:31 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2006/05/15 15:55:20 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PZMSTART.INI
    [2005/12/30 17:32:31 | 000,189,952 | ---- | C] () -- C:\WINDOWS\Qcard32.dll
    [2005/11/27 12:32:10 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
    [2005/09/29 17:04:50 | 000,000,215 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
    [2005/09/17 16:47:18 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2005/01/24 20:11:07 | 000,000,021 | ---- | C] () -- C:\WINDOWS\DVDSentry.ini
    [2004/12/19 16:35:52 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/12/01 18:54:47 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
    [2004/12/01 18:54:46 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
    [2004/12/01 18:53:44 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2004/11/08 18:42:36 | 000,000,482 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2004/09/30 15:26:32 | 000,004,688 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2004/07/02 14:35:26 | 000,000,058 | ---- | C] () -- C:\WINDOWS\Tonka_Raceway.INI
    [2004/06/28 13:03:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
    [2004/05/25 14:19:06 | 000,001,774 | ---- | C] () -- C:\WINDOWS\Pcs5.ini
    [2004/03/13 17:18:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
    [2004/03/12 17:34:13 | 000,000,036 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
    [2004/02/09 17:08:43 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2004/02/07 18:32:39 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\gif89.dll
    [2004/02/07 18:30:52 | 000,000,799 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2004/01/11 11:41:38 | 000,000,092 | ---- | C] () -- C:\WINDOWS\qwimp.ini
    [2004/01/01 15:42:18 | 000,000,004 | ---- | C] () -- C:\WINDOWS\uccspecb.sys
    [2004/01/01 13:59:16 | 000,000,024 | ---- | C] () -- C:\WINDOWS\qfnonl.ini
    [2004/01/01 13:57:36 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
    [2004/01/01 13:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
    [2004/01/01 13:56:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
    [2003/12/19 17:13:11 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SSAW.INI
    [2003/12/17 14:18:19 | 000,002,185 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2003/12/17 14:18:16 | 000,001,270 | ---- | C] () -- C:\WINDOWS\intuprof.ini
    [2003/12/17 14:02:16 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
    [2003/12/11 19:28:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/12/11 19:21:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2003/12/11 19:21:31 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
    [2003/12/11 19:21:31 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2003/12/11 19:21:30 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
    [2003/12/11 19:21:30 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
    [2003/12/11 19:21:00 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2003/12/11 19:19:45 | 000,000,192 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2003/12/11 19:15:00 | 000,000,890 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2003/12/11 18:57:26 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2003/12/11 18:44:30 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2003/10/06 15:16:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2003/10/06 15:16:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2003/10/06 15:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2003/10/06 15:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2003/08/14 00:13:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/07/08 14:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
    [2002/11/26 22:12:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
    [2002/11/26 22:12:00 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
    [2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
    [2002/09/30 06:10:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
    [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2001/10/12 08:42:50 | 000,000,643 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
    [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [2000/10/24 10:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2000/10/24 10:08:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
    [1999/04/20 04:15:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\unvise32.dll
    [1998/08/16 06:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

    ========== LOP Check ==========

    [2009/12/12 08:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2007/06/11 21:47:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\billeo
    [2004/03/16 17:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
    [2008/05/12 17:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
    [2008/08/10 13:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2008/07/05 19:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Itiva
    [2008/06/01 08:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
    [2008/06/26 17:13:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ROBLOX
    [2008/08/21 20:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RobloxDownloads
    [2008/11/22 13:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2008/08/10 17:10:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visual Networks
    [2009/12/12 18:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Pulse 2.2.4.1
    [2009/12/14 06:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Pulse 2.2.4.3
    [2010/02/25 14:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Weather Pulse 2.2.4.4
    [2010/05/13 11:15:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2009/11/19 10:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\AVG9
    [2009/02/23 13:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\CoxFastConnect20
    [2010/01/09 12:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\E-centives
    [2010/05/27 09:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Facebook
    [2008/06/01 08:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\GameHouse
    [2009/03/02 16:56:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Image Zone Express
    [2009/01/03 21:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Keynote Systems
    [2003/12/19 13:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Leadertech
    [2007/03/27 16:33:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\MyFamily.com
    [2008/10/08 09:08:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\OfficeUpdate12
    [2006/01/03 11:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\pixelStorm
    [2007/11/19 21:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Printer Info Cache
    [2008/06/26 17:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\ROBLOX
    [2005/12/01 21:25:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Smith Micro
    [2007/11/22 19:02:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Viewpoint
    [2004/01/29 14:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Vividence
    [2009/08/22 09:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\Weather Pulse
    [2009/12/14 06:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick and Deb\Application Data\WeatherPulse
    [2010/07/07 07:55:05 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/07/05 09:45:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\jucheck.job
    [2010/07/06 08:25:21 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/07/07 08:01:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{87C44D87-F9C6-459D-81C4-A62EC70C25E7}.job

    ========== Purity Check ==========


    < End of report >
     
  11. 2010/07/07
    rdmu85

    It's Back!

    It came back! Was using IE and browsing the forum and had OE open reading a newsletter and AV suite popped up again!

    Ran Mbam in safe mode, here is the log.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4286

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    7/7/2010 9:33:05 AM
    mbam-log-2010-07-07 (09-33-05).txt

    Scan type: Quick scan
    Objects scanned: 169512
    Time elapsed: 11 minute(s), 30 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 2
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uoqtbxjp (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uoqtbxjp (Trojan.Downloader) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\Rick and Deb\Local Settings\Application Data\ixmyfojws\hufdkhmtssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Rick and Deb\Local Settings\temp\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


    Back using FF, haven't run any other scans or tried to update or open anything else.
     
  12. 2010/07/07
    crunchie

    MBA-M needs to be run in normal mode (as I requested earlier) for it to work effectively :).

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  13. 2010/07/07
    rdmu85

    I realize that. I posted the one you requested in post #3. But when the AV Suite scanner comes up I can only run Mbam in safe mode. I did run it again, after I ran combofix. Here is the log. Combofix log to follow.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4290

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/7/2010 5:55:15 PM
    mbam-log-2010-07-07 (17-55-15).txt

    Scan type: Quick scan
    Objects scanned: 170132
    Time elapsed: 11 minute(s), 47 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  14. 2010/07/07
    rdmu85

    One other thing that started is I keep getting IE errors when I am on this forum. I send the report and then the page reloads. ~Deb


    ComboFix 10-07-06.05 - Rick and Deb 07/07/2010 17:12:45.4.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.239 [GMT -5:00]
    Running from: c:\documents and settings\Rick and Deb\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\ie.ico
    c:\windows\xpsp1hfm.log

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
    .

    2100-02-23 20:35 . 2001-02-22 15:54 768 ----a-w- c:\program files\x73_lut.dat
    2100-02-08 22:03 . 2001-05-11 17:39 53248 ----a-w- c:\program files\ACMonitor_X73.exe
    2010-07-07 13:53 . 2010-07-07 14:33 -------- d-----w- c:\documents and settings\Rick and Deb\Local Settings\Application Data\ixmyfojws
    2010-07-07 12:42 . 2010-07-07 12:42 -------- d-----w- C:\_OTL
    2010-06-19 21:23 . 2010-06-19 21:44 -------- d-----w- c:\program files\Rhapsody
    2010-06-19 21:20 . 2010-06-19 21:20 -------- d-----w- c:\documents and settings\Rick and Deb\Local Settings\Application Data\ArcSoft
    2010-06-19 21:20 . 2010-06-19 21:20 -------- d-----w- c:\documents and settings\Rick and Deb\Application Data\ArcSoft
    2010-06-19 21:19 . 2010-06-19 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
    2010-06-19 21:18 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-06-19 21:18 . 2010-06-19 21:18 -------- d-----w- c:\program files\Common Files\ArcSoft
    2010-06-19 21:18 . 2010-06-19 21:18 -------- d-----w- c:\program files\ArcSoft
    2010-06-19 21:18 . 2005-04-27 21:36 245408 ----a-w- c:\windows\system32\unicows.dll
    2010-06-19 21:15 . 2010-06-19 21:15 -------- d-----w- c:\program files\Philips
    2010-06-19 21:14 . 2010-06-19 21:14 -------- d-----w- c:\documents and settings\Rick and Deb\Application Data\InstallShield
    2010-06-10 23:31 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-07 13:09 . 2009-08-22 15:14 117760 ----a-w- c:\documents and settings\Rick and Deb\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-07 12:50 . 2010-02-01 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-07-06 12:49 . 2010-01-14 19:18 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-06-26 16:27 . 2007-03-27 21:32 -------- d-----w- c:\program files\Family Tree Maker 16
    2010-06-19 21:21 . 2003-12-12 00:18 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-16 19:16 . 2007-06-12 02:43 -------- d-----w- c:\program files\Billeo
    2010-06-10 09:45 . 2010-06-16 17:35 4236800 ----a-w- c:\documents and settings\Rick and Deb\Application Data\Mozilla\Firefox\Profiles\u4c6amlz.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\components\billeotoolbar.dll
    2010-06-06 02:18 . 2007-09-21 00:16 -------- d-----w- c:\program files\Coupons
    2010-06-05 12:35 . 2008-08-29 02:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-02 16:44 . 2008-10-08 22:23 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-02 16:44 . 2008-10-08 22:23 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-27 14:29 . 2010-05-27 14:29 50354 ----a-w- c:\documents and settings\Rick and Deb\Application Data\Facebook\uninstall.exe
    2010-05-27 14:29 . 2010-05-27 14:29 -------- d-----w- c:\documents and settings\Rick and Deb\Application Data\Facebook
    2010-05-21 19:14 . 2009-10-02 18:44 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-13 16:20 . 2010-05-13 16:21 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-13 16:20 . 2010-01-14 19:58 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-05-13 16:15 . 2010-05-13 16:13 -------- d-----w- c:\program files\Lavasoft
    2010-05-13 16:15 . 2010-05-13 16:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-05-13 14:28 . 2009-03-14 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-10 22:29 . 2009-04-10 17:42 -------- d-----w- c:\documents and settings\Rick and Deb\Application Data\Move Networks
    2010-05-06 10:41 . 2005-10-21 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2002-08-29 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 20:39 . 2009-03-14 22:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 20:39 . 2009-03-14 22:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 05:30 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2006-11-08 14:17 . 2006-11-08 14:17 774144 ----a-w- c:\program files\RngInterstitial.dll
    2001-07-26 22:58 . 2000-01-11 18:50 47 ----a-w- c:\program files\ACMonitor_X73.ini
    2001-07-05 18:46 . 2001-07-20 16:48 8116 ----a-w- c:\program files\OSLO3071b2.USB
    2001-05-08 22:36 . 2000-12-05 21:56 114688 ----a-w- c:\program files\lxarscan.dll
    2001-04-23 20:22 . 2100-02-08 21:53 1437 ----a-w- c:\program files\gtx73.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "Itiva Media Accelerator"="c:\program files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" [2008-06-04 4994288]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-07-02 976832]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\Rick and Deb\Start Menu\Programs\Startup\
    WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-7-10 24651]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    billeo.lnk - c:\program files\Billeo\billeo.exe [2007-8-31 1441280]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-12 16:56 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk
    backup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PreCast Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PreCast Monitor.lnk
    backup=c:\windows\pss\PreCast Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^WKCALREM.LNK]
    path=c:\documents and settings\Mike\Start Menu\Programs\Startup\WKCALREM.LNK
    backup=c:\windows\pss\WKCALREM.LNKStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Rick and Deb^Start Menu^Programs^Startup^WKCALREM.LNK]
    path=c:\documents and settings\Rick and Deb\Start Menu\Programs\Startup\WKCALREM.LNK
    backup=c:\windows\pss\WKCALREM.LNKStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-06-07 05:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
    2002-04-03 07:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]
    2006-11-02 02:46 30928 -c--a-w- c:\program files\Kuma Games\hcsystray\hc_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    2002-07-16 13:21 28672 -c--a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2003-10-06 16:05 53248 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2003-10-06 16:05 118784 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    2003-02-13 07:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 10:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-10-06 17:00 1998576 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2003-12-12 00:23 151597 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\SYSTEM32\\mmc.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe "=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
    "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe "=

    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/14/2010 2:18 PM 64288]
    R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [11/17/2009 1:55 PM 28552]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [10/8/2008 5:23 PM 216200]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [10/8/2008 5:23 PM 242896]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/12/2010 11:55 AM 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 11:56 AM 308064]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832]
    S2 mrtRate;mrtRate; [x]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
    S3 CSHelper;CopySafe Helper Service;c:\windows\SYSTEM32\CSHelper.exe [2/14/2009 5:45 PM 266240]
    S3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [3/24/2009 6:03 AM 7808]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 12:49]

    2010-07-05 c:\windows\Tasks\jucheck.job
    - c:\program files\Java\jre1.6.0_07\bin\jucheck.exe [2008-08-08 09:27]

    2010-07-06 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]

    2010-07-07 c:\windows\Tasks\User_Feed_Synchronization-{87C44D87-F9C6-459D-81C4-A62EC70C25E7}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.myway.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: pineconeresearch.com\int02
    Trusted Zone: pineconeresearch.com\www
    Trusted Zone: smartsource.com\coupons
    Trusted Zone: smartsource.com\www
    Trusted Zone: windowsupdate.com\download
    DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} - hxxp://imagin.munpl.org/wx/client/IrcViewer.cab
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
    FF - ProfilePath - c:\documents and settings\Rick and Deb\Application Data\Mozilla\Firefox\Profiles\u4c6amlz.default\
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\Rick and Deb\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\Rick and Deb\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Itiva\Itiva Media Accelerator\npima.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-07 17:23
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-42243925-2180214520-125330197-1007\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    Completion time: 2010-07-07 17:29:42
    ComboFix-quarantined-files.txt 2010-07-07 22:29
    ComboFix2.txt 2010-01-23 01:17

    Pre-Run: 59,647,549,440 bytes free
    Post-Run: 59,648,151,552 bytes free

    - - End Of File - - 455726935793750114E58C0965CEB9B3
     
  15. 2010/07/07
    crunchie

    Just for my info, has ComboFix been run before on this PC, or did it encounter any problems when you ran it?
    Reason I ask is because the log tells me it has been run 4 times.
    Can you go to C:\qoobox and post any other logs that are in there listed as combofix.txt?
     
  16. 2010/07/07
    rdmu85

    Yes it has. Believe it was in Jan. Had the same virus two times. I think it was broni who helped me with both of them. There were no problems with it running; it did take a while. Stayed on stage 6 for some time.

    There was only one file, named combofix2.txt. Here it is.


    ComboFix 10-01-21.08 - Rick and Deb 01/22/2010 18:59:19.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.213 [GMT -6:00]
    Running from: c:\documents and settings\Rick and Deb\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 )))))))))))))))))))))))))))))))
    .

    2100-02-23 20:35 . 2001-02-22 15:54 768 ----a-w- c:\program files\x73_lut.dat
    2100-02-08 22:03 . 2001-05-11 17:39 53248 ----a-w- c:\program files\ACMonitor_X73.exe
    2010-01-22 13:38 . 2010-01-22 15:25 -------- d-----w- c:\documents and settings\Rick and Deb\Local Settings\Application Data\ifkldm
    2010-01-14 19:58 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-01-14 19:18 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-01-14 19:14 . 2010-01-14 19:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-01-14 19:12 . 2010-01-14 19:12 -------- d-----w- c:\program files\Lavasoft
    2010-01-09 17:58 . 2010-01-09 17:59 -------- d-----w- c:\documents and settings\Rick and Deb\Application Data\E-centives
    2010-01-01 21:40 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2009-12-31 14:37 . 2009-12-31 14:37 -------- d-----w- c:\program files\Trend Micro
    2009-12-29 19:10 . 2009-12-30 00:06 -------- d-----w- c:\documents and settings\Rick and Deb\Local Settings\Application Data\fimlxs

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-20 22:18 . 2008-08-29 02:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-20 19:22 . 2010-01-14 19:17 372280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2010-01-20 19:22 . 2010-01-20 19:21 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2010-01-20 19:21 . 2010-01-14 19:16 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2010-01-14 19:17 . 2010-01-14 19:17 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2010-01-14 19:17 . 2010-01-14 19:17 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2010-01-14 19:17 . 2010-01-14 19:17 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2010-01-14 19:17 . 2010-01-14 19:17 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
    2010-01-14 19:17 . 2010-01-14 19:17 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
    2010-01-14 19:17 . 2010-01-14 19:17 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
    2010-01-14 19:17 . 2010-01-14 19:17 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2010-01-14 19:17 . 2010-01-14 19:17 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2010-01-14 19:16 . 2010-01-14 19:16 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2010-01-14 19:16 . 2010-01-14 19:16 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2010-01-14 19:16 . 2010-01-14 19:16 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2010-01-14 19:12 . 2008-12-26 14:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-01-14 18:52 . 2005-05-07 19:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-13 21:52 . 2009-12-23 16:44 52224 ----a-w- c:\documents and settings\Rick and Deb\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-01-13 21:52 . 2009-08-22 15:14 117760 ----a-w- c:\documents and settings\Rick and Deb\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-01-13 21:35 . 2009-03-14 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-13 21:35 . 2009-03-27 19:32 5115824 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-09 17:58 . 2010-01-09 17:59 423464 ----a-w- c:\documents and settings\Rick and Deb\Application Data\E-centives\BSTIEPrintCtl1.dll
    2010-01-08 15:29 . 2007-09-21 00:16 -------- d-----w- c:\program files\Coupons
    2010-01-07 22:07 . 2009-03-14 22:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 22:07 . 2009-03-14 22:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-04 23:49 . 2007-05-14 13:31 57 ---h--w- c:\windows\popcreg.dat
    2010-01-04 23:49 . 2007-05-14 13:31 19 ----a-w- c:\windows\popcinfot.dat
    2010-01-04 23:49 . 2007-05-14 13:44 15 ----a-w- c:\windows\popcinfo.dat
    2010-01-04 21:08 . 2009-04-10 17:42 -------- d-----w- c:\documents and settings\Rick and Deb\Application Data\Move Networks
    2010-01-01 17:23 . 2009-12-22 17:22 3966744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2009-12-21 19:14 . 2005-10-21 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-14 11:47 . 2009-12-14 11:46 -------- d-----w- c:\documents and settings\Rick and Deb\Application Data\WeatherPulse
    2009-12-14 11:46 . 2009-12-14 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Weather Pulse 2.2.4.4
    2009-12-14 11:46 . 2009-12-14 11:46 172032 ----a-w- c:\documents and settings\All Users\Application Data\Weather Pulse 2.2.4.4\Uninstall-WeatherPulse.exe
    2009-12-14 11:46 . 2009-12-12 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Weather Pulse 2.2.4.3
    2009-12-14 11:45 . 2009-12-14 11:46 229376 ----a-w- c:\documents and settings\All Users\Application Data\Weather Pulse 2.2.4.4\SSEInternetUpdater.exe
    2009-12-13 23:44 . 2009-12-14 11:46 2972493 ----a-w- c:\documents and settings\All Users\Application Data\Weather Pulse 2.2.4.4\wpdata.exe
    2009-12-13 20:24 . 2009-12-14 11:46 4066816 ----a-w- c:\documents and settings\All Users\Application Data\Weather Pulse 2.2.4.4\weatherpulse.exe
    2009-12-12 23:13 . 2009-11-16 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Weather Pulse 2.2.4.1
    2009-12-12 13:53 . 2009-11-19 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2009-12-09 21:09 . 2009-12-09 21:09 143976 ----a-w- c:\documents and settings\Rick and Deb\Application Data\Move Networks\uninstall.exe
    2009-12-09 21:09 . 2009-10-15 00:50 5642688 ----a-w- c:\documents and settings\Rick and Deb\Application Data\Move Networks\plugins\npqmp071701000002.dll
    2009-12-09 21:09 . 2009-12-09 21:08 1794456 ----a-w- c:\documents and settings\Rick and Deb\Application Data\Move Networks\MoveMediaPlayerWin_071701000002.exe
    2009-12-07 14:10 . 2010-01-14 19:14 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
    2009-12-02 00:10 . 2003-12-12 00:08 -------- d-----w- c:\program files\Java
    2009-12-02 00:08 . 2009-12-02 00:08 152576 ----a-w- c:\documents and settings\Rick and Deb\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-12-02 00:08 . 2009-12-02 00:08 79488 ----a-w- c:\documents and settings\Rick and Deb\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-21 15:51 . 2002-08-29 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-19 14:52 . 2008-10-08 22:23 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-19 14:52 . 2008-10-08 22:23 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-19 14:52 . 2008-10-08 22:23 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-19 14:51 . 2008-10-08 22:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-16 14:35 . 2009-11-16 14:35 3584 ----a-r- c:\documents and settings\Rick and Deb\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
    2009-11-15 20:28 . 2009-12-14 11:46 2214137 ----a-w- c:\documents and settings\Rick and Deb\Application Data\WeatherPulse\wpdata.exe
    2009-11-13 22:57 . 2009-11-13 22:57 922112 ------w- c:\windows\system32\imapi2fs.dll
    2009-11-13 22:57 . 2009-11-13 22:57 426496 ------w- c:\windows\system32\imapi2.dll
    2009-11-03 02:42 . 2009-10-02 18:44 195456 ------w- c:\windows\system32\MpSigStub.exe
    2006-11-08 14:17 . 2006-11-08 14:17 774144 ----a-w- c:\program files\RngInterstitial.dll
    2001-07-26 22:58 . 2000-01-11 18:50 47 ----a-w- c:\program files\ACMonitor_X73.ini
    2001-07-05 18:46 . 2001-07-20 16:48 8116 ----a-w- c:\program files\OSLO3071b2.USB
    2001-05-08 22:36 . 2000-12-05 21:56 114688 ----a-w- c:\program files\lxarscan.dll
    2001-04-23 20:22 . 2100-02-08 21:53 1437 ----a-w- c:\program files\gtx73.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WeatherPulse "= "c:\documents and settings\All Users\Application Data\Weather Pulse 2.2.4.4\weatherpulse.exe" [2009-12-13 4066816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG "= "BCMSMMSG.exe" [2003-08-29 122880]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "EM_EXEC "= "c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "Itiva Media Accelerator "= "c:\program files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" [2008-06-04 4994288]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\Mike\Start Menu\Programs\Startup\
    WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-7-10 24651]

    c:\documents and settings\Rick and Deb\Start Menu\Programs\Startup\
    WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-7-10 24651]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    billeo.lnk - c:\program files\Billeo\billeo.exe [2007-8-31 1242960]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-11-19 14:51 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PreCast Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PreCast Monitor.lnk
    backup=c:\windows\pss\PreCast Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^WKCALREM.LNK]
    path=c:\documents and settings\Mike\Start Menu\Programs\Startup\WKCALREM.LNK
    backup=c:\windows\pss\WKCALREM.LNKStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Rick and Deb^Start Menu^Programs^Startup^WKCALREM.LNK]
    path=c:\documents and settings\Rick and Deb\Start Menu\Programs\Startup\WKCALREM.LNK
    backup=c:\windows\pss\WKCALREM.LNKStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-06-07 05:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
    2002-04-03 07:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]
    2006-11-02 02:46 30928 -c--a-w- c:\program files\Kuma Games\hcsystray\hc_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    2002-07-16 13:21 28672 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2003-10-06 16:05 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2003-10-06 16:05 118784 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    2003-02-13 07:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 10:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-10-06 17:00 1998576 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2003-12-12 00:23 151597 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\SYSTEM32\\mmc.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe "=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=

    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/14/2010 1:18 PM 64288]
    R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [11/17/2009 12:55 PM 28552]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [10/8/2008 4:23 PM 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [10/8/2008 4:23 PM 360584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 3:06 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 3:06 PM 74480]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/19/2009 8:51 AM 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/19/2009 8:51 AM 285392]
    S2 mrtRate;mrtRate; [x]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S3 CSHelper;CopySafe Helper Service;c:\windows\SYSTEM32\CSHelper.exe [2/14/2009 4:45 PM 266240]
    S3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [3/24/2009 5:03 AM 7808]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 3:06 PM 7408]
    S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 7:19 AM 1181328]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 19:21]

    2010-01-22 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 19:21]

    2010-01-21 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 19:21]

    2010-01-22 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 19:21]

    2010-01-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 19:21]

    2009-12-15 c:\windows\Tasks\jucheck.job
    - c:\program files\Java\jre1.6.0_07\bin\jucheck.exe [2008-08-08 09:27]

    2010-01-23 c:\windows\Tasks\User_Feed_Synchronization-{87C44D87-F9C6-459D-81C4-A62EC70C25E7}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.myway.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: pineconeresearch.com\int02
    Trusted Zone: pineconeresearch.com\www
    Trusted Zone: smartsource.com\coupons
    Trusted Zone: smartsource.com\www
    Trusted Zone: windowsupdate.com\download
    DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} - hxxp://imagin.munpl.org/wx/client/IrcViewer.cab
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
    FF - ProfilePath - c:\documents and settings\Rick and Deb\Application Data\Mozilla\Firefox\Profiles\u4c6amlz.default\
    FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\components\billeotoolbar.dll
    FF - plugin: c:\documents and settings\Rick and Deb\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Itiva\Itiva Media Accelerator\npima.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-22 19:09
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-42243925-2180214520-125330197-1007\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2676)
    c:\windows\system32\WININET.dll
    c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-01-22 19:17:28
    ComboFix-quarantined-files.txt 2010-01-23 01:17
    ComboFix2.txt 2009-12-31 14:30

    Pre-Run: 59,490,861,056 bytes free
    Post-Run: 59,518,144,512 bytes free

    - - End Of File - - 499A191449789074EE4B9A5D84319114
     
  17. 2010/07/07
    crunchie

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    KillAll::
    
    File::
    c:\documents and settings\Rick and Deb\Local Settings\Application Data\ixmyfojws
    
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe. This will start ComboFix again.


    7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    ====

    Let me know if the problem persists.
     
  18. 2010/07/07
    rdmu85

    Thanks!

    Things seem to be much better. Was able to update SuperAntispyware and windows defender. Haven't had the IE error as of yet. Played around a few minutes here before posting to see if it would happen.

    Thank you for your help! Here is the log.


    ComboFix 10-07-06.05 - Rick and Deb 07/07/2010 20:39:31.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.242 [GMT -5:00]
    Running from: c:\documents and settings\Rick and Deb\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Rick and Deb\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\documents and settings\Rick and Deb\Local Settings\Application Data\ixmyfojws "
    .

    ((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
    .

    2100-02-23 20:35 . 2001-02-22 15:54 768 ----a-w- c:\program files\x73_lut.dat
    2100-02-08 22:03 . 2001-05-11 17:39 53248 ----a-w- c:\program files\ACMonitor_X73.exe
    2010-07-07 13:53 . 2010-07-07 14:33 -------- d-----w- c:\documents and settings\Rick and Deb\Local Settings\Application Data\ixmyfojws
    2010-07-07 12:42 . 2010-07-07 12:42 -------- d-----w- C:\_OTL
    2010-06-19 21:23 . 2010-06-19 21:44 -------- d-----w- c:\program files\Rhapsody
    2010-06-19 21:20 . 2010-06-19 21:20 -------- d-----w- c:\documents and settings\Rick and Deb\Local Settings\Application Data\ArcSoft
    2010-06-19 21:20 . 2010-06-19 21:20 -------- d-----w- c:\documents and settings\Rick and Deb\Application Data\ArcSoft
    2010-06-19 21:19 . 2010-06-19 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
    2010-06-19 21:18 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2010-06-19 21:18 . 2010-06-19 21:18 -------- d-----w- c:\program files\Common Files\ArcSoft
    2010-06-19 21:18 . 2010-06-19 21:18 -------- d-----w- c:\program files\ArcSoft
    2010-06-19 21:18 . 2005-04-27 21:36 245408 ----a-w- c:\windows\system32\unicows.dll
    2010-06-19 21:15 . 2010-06-19 21:15 -------- d-----w- c:\program files\Philips
    2010-06-19 21:14 . 2010-06-19 21:14 -------- d-----w- c:\documents and settings\Rick and Deb\Application Data\InstallShield
    2010-06-10 23:31 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-07 12:50 . 2010-02-01 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-07-06 12:49 . 2010-01-14 19:18 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-06-26 16:27 . 2007-03-27 21:32 -------- d-----w- c:\program files\Family Tree Maker 16
    2010-06-19 21:21 . 2003-12-12 00:18 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-16 19:16 . 2007-06-12 02:43 -------- d-----w- c:\program files\Billeo
    2010-06-06 02:18 . 2007-09-21 00:16 -------- d-----w- c:\program files\Coupons
    2010-06-05 12:35 . 2008-08-29 02:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-02 16:44 . 2008-10-08 22:23 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-02 16:44 . 2008-10-08 22:23 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-27 14:29 . 2010-05-27 14:29 -------- d-----w- c:\documents and settings\Rick and Deb\Application Data\Facebook
    2010-05-21 19:14 . 2009-10-02 18:44 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-13 16:20 . 2010-05-13 16:21 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-05-13 16:20 . 2010-01-14 19:58 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-05-13 16:15 . 2010-05-13 16:13 -------- d-----w- c:\program files\Lavasoft
    2010-05-13 16:15 . 2010-05-13 16:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-05-13 14:28 . 2009-03-14 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-10 22:29 . 2009-04-10 17:42 -------- d-----w- c:\documents and settings\Rick and Deb\Application Data\Move Networks
    2010-05-06 10:41 . 2005-10-21 18:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2002-08-29 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 20:39 . 2009-03-14 22:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 20:39 . 2009-03-14 22:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-20 05:30 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2006-11-08 14:17 . 2006-11-08 14:17 774144 ----a-w- c:\program files\RngInterstitial.dll
    2001-07-26 22:58 . 2000-01-11 18:50 47 ----a-w- c:\program files\ACMonitor_X73.ini
    2001-07-05 18:46 . 2001-07-20 16:48 8116 ----a-w- c:\program files\OSLO3071b2.USB
    2001-05-08 22:36 . 2000-12-05 21:56 114688 ----a-w- c:\program files\lxarscan.dll
    2001-04-23 20:22 . 2100-02-08 21:53 1437 ----a-w- c:\program files\gtx73.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCMSMMSG "= "BCMSMMSG.exe" [2003-08-29 122880]
    "dla "= "c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
    "EM_EXEC "= "c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-01 28672]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "Itiva Media Accelerator "= "c:\program files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" [2008-06-04 4994288]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
    "AVG9_TRAY "= "c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-02 2065248]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-07-02 976832]
    "ArcSoft Connection Service "= "c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting "= "c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    c:\documents and settings\Rick and Deb\Start Menu\Programs\Startup\
    WKCALREM.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-7-10 24651]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    billeo.lnk - c:\program files\Billeo\billeo.exe [2007-8-31 1441280]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-12 16:56 12464 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
    backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
    backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips GoGear VIBE Device Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk
    backup=c:\windows\pss\Philips GoGear VIBE Device Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PreCast Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PreCast Monitor.lnk
    backup=c:\windows\pss\PreCast Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
    backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Mike^Start Menu^Programs^Startup^WKCALREM.LNK]
    path=c:\documents and settings\Mike\Start Menu\Programs\Startup\WKCALREM.LNK
    backup=c:\windows\pss\WKCALREM.LNKStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Rick and Deb^Start Menu^Programs^Startup^WKCALREM.LNK]
    path=c:\documents and settings\Rick and Deb\Start Menu\Programs\Startup\WKCALREM.LNK
    backup=c:\windows\pss\WKCALREM.LNKStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-06-07 05:46 57344 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ------w- c:\windows\SYSTEM32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
    2002-04-03 07:01 135264 ----a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hcsystray]
    2006-11-02 02:46 30928 -c--a-w- c:\program files\Kuma Games\hcsystray\hc_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
    2002-07-16 13:21 28672 -c--a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    2003-10-06 16:05 53248 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    2003-10-06 16:05 118784 -c--a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
    2003-02-13 07:01 155648 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 10:17 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2009-10-06 17:00 1998576 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2003-12-12 00:23 151597 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\SYSTEM32\\mmc.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe "=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe "=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe "=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe "=
    "c:\\Program Files\\Java\\jre6\\bin\\javaws.exe "=

    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [1/14/2010 2:18 PM 64288]
    R0 pavboot;pavboot;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [11/17/2009 1:55 PM 28552]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [10/8/2008 5:23 PM 216200]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [10/8/2008 5:23 PM 242896]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/12/2010 11:55 AM 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 11:56 AM 308064]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1352832]
    S2 mrtRate;mrtRate; [x]
    S3 CSHelper;CopySafe Helper Service;c:\windows\SYSTEM32\CSHelper.exe [2/14/2009 5:45 PM 266240]
    S3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [3/24/2009 6:03 AM 7808]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 12:49]

    2010-07-05 c:\windows\Tasks\jucheck.job
    - c:\program files\Java\jre1.6.0_07\bin\jucheck.exe [2008-08-08 09:27]

    2010-07-06 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]

    2010-07-08 c:\windows\Tasks\User_Feed_Synchronization-{87C44D87-F9C6-459D-81C4-A62EC70C25E7}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://my.myway.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = http=127.0.0.1:5577
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: pineconeresearch.com\int02
    Trusted Zone: pineconeresearch.com\www
    Trusted Zone: smartsource.com\coupons
    Trusted Zone: smartsource.com\www
    Trusted Zone: windowsupdate.com\download
    DPF: {0C5CF442-582B-4357-B116-765DA99CAA8C} - hxxp://imagin.munpl.org/wx/client/IrcViewer.cab
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
    DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
    FF - ProfilePath - c:\documents and settings\Rick and Deb\Application Data\Mozilla\Firefox\Profiles\u4c6amlz.default\
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\Rick and Deb\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\Rick and Deb\Application Data\Move Networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Itiva\Itiva Media Accelerator\npima.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-07 20:51
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-42243925-2180214520-125330197-1007\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(4020)
    c:\windows\system32\WININET.dll
    c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\LEXBCES.EXE
    c:\windows\System32\CTsvcCDA.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\System32\wbem\unsecapp.exe
    c:\windows\BCMSMMSG.exe
    c:\windows\system32\RUNDLL32.EXE
    .
    **************************************************************************
    .
    Completion time: 2010-07-07 21:11:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-08 02:11
    ComboFix2.txt 2010-07-07 22:29
    ComboFix3.txt 2010-01-23 01:17

    Pre-Run: 59,645,517,824 bytes free
    Post-Run: 59,643,977,728 bytes free

    - - End Of File - - 4CF0EC37B48B2C9C0FF6676D792F774A
     
  19. 2010/07/07
    rdmu85

    Since AVG never seems to catch this, do you think if I got the full version of Mbam that it would block this?
     
  20. 2010/07/07
    crunchie

    I cannot see why it would not. IMO MBA-M is at the top of the tree as far as scanners go.

    ====

    Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • In the drop down box labeled Files of type change the type to Text file.
    • Save the file to your Desktop.
    • Copy and paste that information in your next post.
     
  21. 2010/07/08
    rdmu85

    Thanks, I too believe it is one of the best. Will get the full version as soon as we are done with this.

    Took a while to do the scan. I had opened it in a separate tab and noticed about an hour into it that I had forgotten to close out the tab with this post. When I closed it out I got the IE encountered a problem and it closed out both tabs! Anyways, here is Kaspersky log.

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Thursday, July 8, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, July 08, 2010 10:25:38
    Records in database: 4242567
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\

    Scan statistics:
    Objects scanned: 98967
    Threats found: 1
    Infected objects found: 1
    Suspicious objects found: 0
    Scan duration: 03:06:19


    File name / Threat / Threats count
    C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP3\A0001126.exe Infected: Trojan.Win32.FraudPack.ayun 1

    Selected area has been scanned.
     
