
Solved svchost.exe virus

Discussion in 'Malware and Virus Removal Archive' started by jmolina81, 2010/08/03.

  1. 2010/08/03
    jmolina81 (Thread Starter)

    [Resolved] svchost.exe virus

    I keep getting the error message "svchost.exe - Application Error. The instruction at 0x001a3b57 referenced memory at 0x00000000. The memory could not be read." I have googled this error and it seems to be some kind of virus. Also, I seem to have a virus that is popping up new windows, or, when I am in any search engine and click on the link I want to go to, it takes me somewhere else. Not sure if these are one and the same. Here is my system info.


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by owner at 13:20:30.75 on Tue 08/03/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.144 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\SM1BG.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\MagicDisc\MagicDisc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Intuit\QuickBooks 2010\qbw32.exe
    C:\Program Files\Intuit\QuickBooks 2010\qbhelp.exe
    C:\PROGRA~1\Intuit\QUICKB~2\QBDBMgr.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\axlbridge.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\owner\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
    uSearch Bar = hxxp://www.yahoo.com/search/ie.html
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
    BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - No File
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\dealio toolbar\SearchSettings.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
    TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - c:\program files\dealio toolbar\ie\4.0.2\dealioToolbarIE.dll
    TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe "
    uRun: [ares] "F:\Ares.exe" -h
    mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
    mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
    mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    mRun: [SM1BG] c:\windows\SM1BG.EXE
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [SearchSettings] c:\program files\dealio toolbar\SearchSettings.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventr~1.lnk - c:\program files\broderbund\printmaster\PMREMIND.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\upsonl~1.lnk - c:\upsold\uows\PldReminder.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
    IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm
    IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photos.walmart.com/WalmartActivia.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186088304859
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Notify: avgrsstarter - avgrsstx.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\rfxmye23.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
    FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\rfxmye23.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\owner\application data\mozilla\firefox\profiles\rfxmye23.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\owner\local settings\application data\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-3-20 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-12-30 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-3-20 108552]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2010-1-8 380928]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-3-20 297752]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-12 136176]
    S3 DCamUSBNovatek;SANYO Digital Camera;c:\windows\system32\drivers\nvtcam.sys [2008-4-16 55808]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

    =============== Created Last 30 ================

    2010-07-29 15:38:15 0 d-sh--w- c:\windows\system32\lowsec
    2010-07-28 18:45:22 0 d-----w- c:\windows\system32\wbem\Repository
    2010-07-28 18:45:00 0 d-----w- c:\program files\Application Updater
    2010-07-28 18:44:58 0 d-----w- c:\program files\Dealio Toolbar
    2010-07-28 18:44:58 0 d-----w- c:\docume~1\owner\applic~1\Search Settings
    2010-07-28 18:44:58 0 d-----w- c:\docume~1\owner\applic~1\Dealio
    2010-07-28 18:44:55 0 d-----w- c:\program files\SANYO Digital Camera
    2010-07-28 18:43:40 0 d-----w- c:\program files\The Weather Channel FW
    2010-07-28 18:43:28 0 d-----w- c:\program files\CCleaner
    2010-07-21 20:05:33 0 d-----w- c:\docume~1\owner\applic~1\Office Genuine Advantage
    2010-07-19 19:35:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-10 17:19:23 0 d-----w- c:\program files\I-play Games

    ==================== Find3M ====================

    2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
    2003-08-27 19:19:18 36963 -c--a-r- c:\program files\common files\SM1updtr.dll

    ============= FINISH: 13:21:56.89 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/29/2006 2:40:30 PM
    System Uptime: 8/3/2010 12:08:31 PM (1 hours ago)

    Motherboard: ECS | | 761GX-M754-964
    Processor: Mobile AMD Athlon(tm) XP-M Processor 3100+ | CPU 1 | 1799/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 54.515 GiB free.
    D: is CDROM ()
    E: is Removable
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP930: 5/6/2010 11:38:55 AM - System Checkpoint
    RP931: 5/7/2010 12:39:16 PM - System Checkpoint
    RP932: 5/10/2010 10:23:42 AM - System Checkpoint
    RP933: 5/11/2010 1:16:31 PM - System Checkpoint
    RP934: 5/12/2010 3:35:52 PM - System Checkpoint
    RP935: 5/12/2010 3:47:33 PM - Software Distribution Service 3.0
    RP936: 5/13/2010 3:59:40 PM - System Checkpoint
    RP937: 5/14/2010 5:01:35 PM - System Checkpoint
    RP938: 5/17/2010 10:12:28 AM - System Checkpoint
    RP939: 5/17/2010 11:04:17 AM - Printer Driver Amyuni Document Converter 400 Installed
    RP940: 5/18/2010 1:35:48 PM - System Checkpoint
    RP941: 5/19/2010 2:29:08 PM - System Checkpoint
    RP942: 5/20/2010 2:48:10 PM - System Checkpoint
    RP943: 5/21/2010 4:56:49 PM - System Checkpoint
    RP944: 5/24/2010 10:34:22 AM - System Checkpoint
    RP945: 5/26/2010 12:10:58 PM - System Checkpoint
    RP946: 5/27/2010 8:52:46 AM - Software Distribution Service 3.0
    RP947: 5/28/2010 9:48:25 AM - System Checkpoint
    RP948: 6/1/2010 10:30:05 AM - System Checkpoint
    RP949: 6/2/2010 1:56:53 PM - System Checkpoint
    RP950: 6/4/2010 1:09:02 PM - System Checkpoint
    RP951: 6/7/2010 9:32:22 AM - System Checkpoint
    RP952: 6/8/2010 10:35:28 AM - System Checkpoint
    RP953: 6/9/2010 12:20:51 PM - System Checkpoint
    RP954: 6/10/2010 12:21:29 PM - System Checkpoint
    RP955: 6/10/2010 4:54:04 PM - Software Distribution Service 3.0
    RP956: 6/11/2010 2:25:30 PM - Configured KPG-124D
    RP957: 6/14/2010 12:56:25 PM - System Checkpoint
    RP958: 6/15/2010 9:07:16 AM - Printer Driver Amyuni Document Converter 400 Installed
    RP959: 6/16/2010 9:42:37 AM - System Checkpoint
    RP960: 6/17/2010 10:55:22 AM - System Checkpoint
    RP961: 6/18/2010 11:34:46 AM - System Checkpoint
    RP962: 6/19/2010 12:09:21 PM - System Checkpoint
    RP963: 6/21/2010 9:23:29 AM - System Checkpoint
    RP964: 6/22/2010 9:07:56 AM - Avg8 Update
    RP965: 6/23/2010 11:51:58 AM - System Checkpoint
    RP966: 6/23/2010 5:04:35 PM - Software Distribution Service 3.0
    RP967: 6/25/2010 10:58:39 AM - System Checkpoint
    RP968: 6/28/2010 11:25:15 AM - System Checkpoint
    RP969: 7/28/2010 4:59:23 PM - System Checkpoint
    RP970: 6/29/2010 10:51:46 AM - System Checkpoint
    RP971: 6/30/2010 1:46:30 PM - System Checkpoint
    RP972: 7/1/2010 3:09:13 PM - System Checkpoint
    RP973: 7/6/2010 10:08:51 AM - System Checkpoint
    RP974: 7/7/2010 11:55:41 AM - System Checkpoint
    RP975: 7/8/2010 1:15:59 PM - System Checkpoint
    RP976: 7/9/2010 9:09:25 AM - Avg8 Update
    RP977: 7/9/2010 9:13:41 AM - Avg8 Update
    RP978: 7/12/2010 11:51:20 AM - System Checkpoint
    RP979: 7/12/2010 3:32:00 PM - Removed Dealio Toolbar v4.0.2.
    RP980: 7/14/2010 1:27:55 PM - System Checkpoint
    RP981: 7/15/2010 9:03:08 AM - Software Distribution Service 3.0
    RP982: 7/16/2010 10:36:42 AM - System Checkpoint
    RP983: 7/19/2010 11:11:12 AM - System Checkpoint
    RP984: 7/20/2010 11:42:43 AM - System Checkpoint
    RP985: 7/21/2010 2:26:32 PM - System Checkpoint
    RP986: 7/21/2010 2:42:11 PM - Removed Ask Toolbar.
    RP987: 7/21/2010 2:44:23 PM - Removed Napster
    RP988: 7/21/2010 2:51:52 PM - Software Distribution Service 3.0
    RP989: 7/22/2010 3:24:11 PM - System Checkpoint
    RP990: 7/26/2010 11:17:46 AM - System Checkpoint
    RP991: 7/27/2010 1:45:18 PM - System Checkpoint
    RP992: 7/28/2010 1:42:16 PM - Restore Operation
    RP993: 7/28/2010 1:49:00 PM - Avg8 Update
    RP994: 7/28/2010 1:50:44 PM - Avg8 Update
    RP995: 7/30/2010 4:07:15 PM - System Checkpoint
    RP996: 8/2/2010 10:54:49 AM - System Checkpoint

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    6500_E709_eDocs
    6500_E709_Help
    6500_E709a
    7-Zip 4.57
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Ask Toolbar
    AVG 8.5
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Canon MP Navigator EX 2.0
    Canon MP480 series MP Drivers
    Canon MP480 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    CCleaner (remove only)
    Compatibility Pack for the 2007 Office system
    Cypress USB Mass Storage Driver Installation
    Dealio Toolbar v4.0.2
    Destination Component
    DeviceDiscovery
    DocMgr
    DocProc
    Facebook Plug-In
    Fax
    Google Earth Plug-in
    Google Update Helper
    GPBaseService2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB896344)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 12.0
    HP Document Manager 2.0
    HP Imaging Device Functions 12.0
    HP Officejet 6500 E709 Series
    HP Smart Web Printing
    HP Solution Center 13.0
    HP Update
    HPProductAssistant
    HPSSupply
    Inkjet Printer/Scanner Extended Survey Program
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 8
    Java(TM) 6 Update 13
    KPG-124D
    KPG-128D
    KPG-56D
    KPG-76D
    KPG-82D
    KPG-88D
    KPG-91D
    KPG-99D
    LimeWire 5.5.10
    MagicDisc 2.6.93
    MarketResearch
    McAfee Security Scan Plus
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Office 2003 Primary Interop Assemblies
    Microsoft Office Professional Edition 2003
    Microsoft Office XP Professional with FrontPage
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Web Publishing Wizard 1.52
    Mozilla Firefox (3.6.8)
    MSVCSetup
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MSXML 6 Service Pack 2 (KB973686)
    MWSnap 3
    Napster
    Network
    OCR Software by I.R.I.S. 12.0
    OpenOffice.org Installer 1.0
    PrintMaster® Premier 8.0
    ProductContext
    QuickBooks
    QuickBooks Pro 2006
    QuickBooks Pro 2010
    QuickTime
    Samsung USB Driver
    SANYO Digital Camera Driver
    Scan
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917422)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918118)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB918899)
    Security Update for Windows XP (KB919007)
    Security Update for Windows XP (KB920213)
    Security Update for Windows XP (KB920214)
    Security Update for Windows XP (KB920670)
    Security Update for Windows XP (KB920683)
    Security Update for Windows XP (KB920685)
    Security Update for Windows XP (KB921398)
    Security Update for Windows XP (KB921503)
    Security Update for Windows XP (KB921883)
    Security Update for Windows XP (KB922616)
    Security Update for Windows XP (KB922760)
    Security Update for Windows XP (KB922819)
    Security Update for Windows XP (KB923191)
    Security Update for Windows XP (KB923414)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923694)
    Security Update for Windows XP (KB923980)
    Security Update for Windows XP (KB924191)
    Security Update for Windows XP (KB924270)
    Security Update for Windows XP (KB924496)
    Security Update for Windows XP (KB924667)
    Security Update for Windows XP (KB925454)
    Security Update for Windows XP (KB925486)
    Security Update for Windows XP (KB925902)
    Security Update for Windows XP (KB926255)
    Security Update for Windows XP (KB926436)
    Security Update for Windows XP (KB927779)
    Security Update for Windows XP (KB927802)
    Security Update for Windows XP (KB928090)
    Security Update for Windows XP (KB928255)
    Security Update for Windows XP (KB928843)
    Security Update for Windows XP (KB929123)
    Security Update for Windows XP (KB929969)
    Security Update for Windows XP (KB930178)
    Security Update for Windows XP (KB931261)
    Security Update for Windows XP (KB931768)
    Security Update for Windows XP (KB931784)
    Security Update for Windows XP (KB932168)
    Security Update for Windows XP (KB933566)
    Security Update for Windows XP (KB933729)
    Security Update for Windows XP (KB935839)
    Security Update for Windows XP (KB935840)
    Security Update for Windows XP (KB936021)
    Security Update for Windows XP (KB937143)
    Security Update for Windows XP (KB937894)
    Security Update for Windows XP (KB938127)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB938829)
    Security Update for Windows XP (KB939653)
    Security Update for Windows XP (KB941202)
    Security Update for Windows XP (KB941568)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB942615)
    Security Update for Windows XP (KB943460)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB944653)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958470)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Serif DrawPlus 3.0
    Shop for HP Supplies
    SiS 900 PCI Fast Ethernet Adapter Driver
    SiS VGA Utilities
    SmartWebPrinting
    SolutionCenter
    SoundMAX
    SpywareBlaster 4.1
    Status
    The Disc 3.0
    The Weather Channel Desktop 6
    Toolbox
    TrayApp
    Ulead Photo Explorer 8.0 SE Basic
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB900930)
    Update for Windows XP (KB904942)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Update for Windows XP (KB920872)
    Update for Windows XP (KB922582)
    Update for Windows XP (KB925720)
    Update for Windows XP (KB927891)
    Update for Windows XP (KB929338)
    Update for Windows XP (KB930916)
    Update for Windows XP (KB931836)
    Update for Windows XP (KB933360)
    Update for Windows XP (KB938828)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB942840)
    Update for Windows XP (KB946627)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB Storage Adapter FX (SM1)
    WebFldrs XP
    Weblink Updater Plugin
    WebLinkActiveX
    WebReg
    Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live OneCare safety scanner
    Windows Media Connect
    Windows Media Format Runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    WinISD beta
    WinISD Pro [alpha]
    XAce Plus v2.6
    Yahoo! Browser Services
    Yahoo! BrowserPlus 2.7.1
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    8/3/2010 1:20:34 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
    7/28/2010 8:31:09 AM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: Access is denied.
    7/28/2010 8:30:43 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 0016EC591C53 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/28/2010 1:47:00 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'avgupd.exe.old' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    7/28/2010 1:47:00 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    7/28/2010 1:47:00 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

    ==== End Of File ===========================
     
  2. 2010/08/03
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent, etc.) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs, after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     


  4. 2010/08/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/08/04
    jmolina81

    jmolina81 Inactive Thread Starter

    Joined:
    2010/08/03
    Messages:
    12
    Likes Received:
    0
    Results of step 1

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4388

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    8/4/2010 11:11:28 AM
    mbam-log-2010-08-04 (11-11-28).txt

    Scan type: Quick scan
    Objects scanned: 139939
    Time elapsed: 8 minute(s), 53 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 18
    Registry Values Infected: 1
    Registry Data Items Infected: 4
    Folders Infected: 2
    Files Infected: 8

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\AppID\{7c11c36c-2ae0-4489-9b09-a6129139d52d} (Rogue.ContraVirus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\{c628512d-a058-4bd4-b47b-b036f45fa02b} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{bfcbb188-18e3-1deb-59d5-bace1ce655a4} (Rogue.ContraVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f02fabcb-92dd-475a-98af-14217bd50746} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\IEControl.dll (Rogue.ContraVirus) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\AppID\spamdet.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\AdLoader (Rogue.ContraVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Trace7 (Rogue.ContraVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell\1das (Rogue.ContraVirus) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell\dnl7 (Rogue.ContraVirus) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\owner\Application Data\ContraVirus AntiSpam (Rogue.ContraVirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\owner\Application Data\ContraVirus AntiSpam\learn.dat (Rogue.ContraVirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\owner\Application Data\ContraVirus AntiSpam\Settings.xml (Rogue.ContraVirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\owner\Application Data\ContraVirus AntiSpam\storage.dat (Rogue.ContraVirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\owner\Application Data\ContraVirus AntiSpam\WhiteList.xml (Rogue.ContraVirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
    C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\ContraVirus 2.0.lnk (Rogue.ContraVirus) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
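What the Hijack.UserInit and Disabled.SecurityCenter lines in this MBAM log actually say, as an added Python example that is not part of the thread or of Malwarebytes: a small parser for the log format above (sample lines copied from the post) that splits the Bad: Userinit value on commas and reports every program other than the stock userinit.exe, since winlogon.exe starts each listed entry at logon. Function names such as parse_mbam_log, userinit_extras and triage are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Any, Dict, List, Optional

# Constructed sample in the exact line format of the MBAM 1.46 log above
# (one "Registry Keys Infected" line and three "Registry Data Items Infected" lines).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
"""

# "<target> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>"
DATA_ITEM = re.compile(
    r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> "
    r"Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)
# "<target> (<detection>) -> <action>"   (keys, values, folders, files)
PLAIN_ITEM = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")

STOCK_USERINIT = "userinit.exe"


@dataclass
class Finding:
    section: str
    target: str
    detection: str
    action: str
    bad: Optional[str] = None   # only present for "Registry Data Items"
    good: Optional[str] = None


def parse_mbam_log(text: str) -> List[Finding]:
    """Collect every detection line, tagged with the section it appeared under."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if line.endswith("Infected:"):
            section = line[:-1]  # e.g. "Registry Keys Infected"
            continue
        m = DATA_ITEM.match(line)
        if m:
            findings.append(Finding(section, m["target"], m["detection"], m["action"], m["bad"], m["good"]))
            continue
        m = PLAIN_ITEM.match(line)
        if m:
            findings.append(Finding(section, m["target"], m["detection"], m["action"]))
    return findings


def userinit_extras(value: str) -> List[str]:
    """Programs in a Winlogon\\Userinit value other than the stock userinit.exe.

    The value is a comma-separated list and winlogon.exe launches every entry at
    logon, so each extra entry is a logon-persistent program. The stock entry is
    accepted either as a bare name or as a path under system32.
    """
    extras = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue  # the trailing comma left by the hijack yields an empty entry
        head, _, base = entry.replace("/", "\\").rpartition("\\")
        if base.lower() == STOCK_USERINIT and (head == "" or head.lower().endswith("\\system32")):
            continue
        extras.append(entry)
    return extras


def triage(findings: List[Finding]) -> Dict[str, Any]:
    """Summarise the findings a helper reads first from a log like this one."""
    report: Dict[str, Any] = {
        "families": Counter(f.detection for f in findings),
        "logon_persistence": [],        # extra programs wired into Userinit
        "notifications_suppressed": [],  # Security Center *DisableNotify set to 1
    }
    for f in findings:
        if f.detection == "Hijack.UserInit" and f.bad is not None:
            report["logon_persistence"].extend(userinit_extras(f.bad))
        elif f.detection == "Disabled.SecurityCenter" and f.bad == "1":
            report["notifications_suppressed"].append(f.target.rsplit("\\", 1)[-1])
    return report


if __name__ == "__main__":
    for key, value in triage(parse_mbam_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```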
     
  6. 2010/08/04
    jmolina81

    jmolina81 Inactive Thread Starter

    Joined:
    2010/08/03
    Messages:
    12
    Likes Received:
    0
    step 2

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-04 12:33:11
    Windows 5.1.2600 Service Pack 2
    Running: irvr3qoh.exe; Driver: C:\DOCUME~1\owner\LOCALS~1\Temp\kfqorpow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .rsrc C:\WINDOWS\system32\drivers\dmio.sys entry point in ".rsrc" section [0xF733FB14]
    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF632A900]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
    .text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
    .text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
    .text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
    .text C:\WINDOWS\System32\svchost.exe[872] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 0087000A
    .text C:\WINDOWS\System32\svchost.exe[872] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00AA000A
    .text C:\WINDOWS\Explorer.EXE[1512] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
    .text C:\WINDOWS\Explorer.EXE[1512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
    .text C:\WINDOWS\Explorer.EXE[1512] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[2168] USER32.dll!TrackPopupMenu 7E4650EE 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\WINDOWS\Explorer.EXE[2476] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
    .text C:\WINDOWS\Explorer.EXE[2476] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
    .text C:\WINDOWS\Explorer.EXE[2476] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3836] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0131000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3836] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0132000A
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3836] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0130000C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[3836] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device -> \Driver\atapi \Device\Harddisk0\DR0 85EF9EC5

    ---- Files - GMER 1.0.15 ----

    File C:\Documents and Settings\NetworkService\Cookies\system@www.candystand[1].txt 433 bytes
    File C:\Documents and Settings\NetworkService\Cookies\system@amgdgt[1].txt 474 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\60FJABP2\rotate[1].do 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3FWRHGS\play-random-game[1].txt 0 bytes
    File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3FWRHGS\xd-receiver[1].txt 0 bytes
    File C:\WINDOWS\system32\drivers\dmio.sys suspicious modification
    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----
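To read the "User code sections" part of this GMER output, here is an added Python example (not from the thread or from GMER; the function names are its own) that parses those lines and separates inline JMP hooks whose target has no module listed after it (a detour into memory backed by no file, as in svchost, Explorer and firefox above) from hooks backed by a named module (xul.dll, firefox.exe), then reports which APIs carry unbacked hooks in several processes at once. The sample lines are copied from the log above.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: "User code sections" lines copied from the GMER 1.0.15 log above.
SAMPLE_GMER = r"""
.text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[872] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\System32\svchost.exe[872] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 0087000A
.text C:\WINDOWS\Explorer.EXE[1512] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
.text C:\WINDOWS\Explorer.EXE[1512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1512] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2168] USER32.dll!TrackPopupMenu 7E4650EE 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3836] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0131000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3836] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0132000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3836] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0130000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3836] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
"""

# ".text <process>[<pid>] <module>!<function>[ + <offset>] <address> <n> Byte(s) <patch>"
HOOK_LINE = re.compile(
    r"^\.text (?P<process>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^!\s]+)!(?P<function>\S+)(?: \+ (?P<offset>\d+))? "
    r"(?P<address>[0-9A-F]+) (?P<size>\d+) Bytes? (?P<patch>.+)$"
)
# "JMP <target>" optionally followed by the module that owns the target and its vendor
JMP_PATCH = re.compile(r"^JMP (?P<target>[0-9A-F]+)(?: (?P<backing>.+?) \((?P<vendor>[^()]+)\))?$")


@dataclass
class Hook:
    process: str
    pid: int
    api: str                      # "module!function"
    address: int                  # patched address inside the API
    kind: str                     # "jmp-unbacked", "jmp-backed" or "bytes"
    target: Optional[int] = None  # JMP destination, if the patch is a JMP
    backing: Optional[str] = None  # module GMER resolved the destination to, if any


def parse_gmer_user_hooks(text: str) -> List[Hook]:
    """Turn each ".text ..." line into a Hook, classifying the patch GMER reported."""
    hooks: List[Hook] = []
    for raw in text.splitlines():
        m = HOOK_LINE.match(raw.strip())
        if not m:
            continue
        api = f"{m['module']}!{m['function']}"
        j = JMP_PATCH.match(m["patch"])
        if j is None:
            # raw bytes (e.g. "[84]"): the remainder of a hook GMER split across two lines
            hook = Hook(m["process"], int(m["pid"]), api, int(m["address"], 16), "bytes")
        elif j["backing"]:
            hook = Hook(m["process"], int(m["pid"]), api, int(m["address"], 16),
                        "jmp-backed", int(j["target"], 16), j["backing"])
        else:
            hook = Hook(m["process"], int(m["pid"]), api, int(m["address"], 16),
                        "jmp-unbacked", int(j["target"], 16))
        hooks.append(hook)
    return hooks


def unbacked_hooks_by_process(hooks: List[Hook]) -> Dict[Tuple[str, int], List[str]]:
    """APIs per (process, pid) whose detour lands in memory with no module behind it."""
    by_proc: Dict[Tuple[str, int], List[str]] = defaultdict(list)
    for h in hooks:
        if h.kind == "jmp-unbacked":
            by_proc[(h.process, h.pid)].append(h.api)
    return dict(by_proc)


def apis_hooked_across_processes(hooks: List[Hook], min_processes: int = 2) -> Set[str]:
    """APIs with unbacked hooks in at least min_processes distinct processes.

    The same small set of APIs detoured the same way in unrelated processes points
    to one injected component rather than to each program hooking itself.
    """
    procs: Dict[str, Set[Tuple[str, int]]] = defaultdict(set)
    for h in hooks:
        if h.kind == "jmp-unbacked":
            procs[h.api].add((h.process, h.pid))
    return {api for api, owners in procs.items() if len(owners) >= min_processes}


if __name__ == "__main__":
    parsed = parse_gmer_user_hooks(SAMPLE_GMER)
    for (proc, pid), apis in unbacked_hooks_by_process(parsed).items():
        print(f"{proc}[{pid}]: unbacked hooks on {', '.join(apis)}")
    print("hooked in several processes:", sorted(apis_hooked_across_processes(parsed)))
```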
     
  7. 2010/08/04
    jmolina81

    jmolina81 Inactive Thread Starter

    Joined:
    2010/08/03
    Messages:
    12
    Likes Received:
    0
    step 3

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000005d

    Kernel Drivers (total 125):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806CE000 \WINDOWS\system32\hal.dll
    0xF79A2000 \WINDOWS\system32\KDCOM.DLL
    0xF78B2000 \WINDOWS\system32\BOOTVID.dll
    0xF7373000 ACPI.sys
    0xF79A4000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF7362000 pci.sys
    0xF74A2000 isapnp.sys
    0xF7A6A000 pciide.sys
    0xF7722000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF74B2000 MountMgr.sys
    0xF7343000 ftdisk.sys
    0xF79A6000 dmload.sys
    0xF731D000 dmio.sys
    0xF772A000 PartMgr.sys
    0xF74C2000 VolSnap.sys
    0xF7305000 atapi.sys
    0xF74D2000 disk.sys
    0xF74E2000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF72E5000 fltMgr.sys
    0xF72D3000 sr.sys
    0xF72BC000 KSecDD.sys
    0xF722F000 Ntfs.sys
    0xF7202000 NDIS.sys
    0xF71E7000 Mup.sys
    0xF74F2000 gagp30kx.sys
    0xF63F7000 \SystemRoot\system32\DRIVERS\sisgrp.sys
    0xF63E3000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF75A2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xF77CA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF75B2000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF71B7000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF77D2000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF63CF000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF75C2000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF75D2000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF7602000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF63AC000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF6376000 \SystemRoot\system32\drivers\smwdm.sys
    0xF6352000 \SystemRoot\system32\drivers\portcls.sys
    0xF7612000 \SystemRoot\system32\drivers\drmk.sys
    0xF6332000 \SystemRoot\system32\drivers\aeaudio.sys
    0xF62D2000 \SystemRoot\system32\drivers\senfilt.sys
    0xF77DA000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0xF62AF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF77E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF77EA000 \SystemRoot\system32\DRIVERS\sisnicxp.sys
    0xF7622000 \SystemRoot\system32\DRIVERS\processr.sys
    0xF7B7B000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF7632000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF71AF000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF6298000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF7642000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF7652000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF77F2000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF6287000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF7662000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF77FA000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF7802000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF6256000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF7672000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF780A000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF623E000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0xF6226000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
    0xF79D0000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF61F2000 \SystemRoot\system32\DRIVERS\update.sys
    0xF793A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF7712000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF2329000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF7A18000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF0367000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0xF7A28000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF7AF6000 \SystemRoot\System32\Drivers\Null.SYS
    0xF7A2A000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF0357000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xEF83A000 \SystemRoot\System32\drivers\vga.sys
    0xF7A2C000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF7A2E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xEF832000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xEF82A000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF05CE000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xBA09A000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xBA042000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xBA029000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xBA001000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xB9FDF000 \SystemRoot\System32\drivers\afd.sys
    0xEFF77000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF05C6000 \SystemRoot\system32\DRIVERS\srvkp.sys
    0xB9FB4000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB9F45000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xEF50C000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB9F24000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xEF4FC000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xEF812000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xB9CF8000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xEFE67000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xEF4BC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xEE63C000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xEFE53000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF2089000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xEE62C000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xEE624000 \SystemRoot\system32\DRIVERS\HPZius12.sys
    0xEE61C000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB937D000 \SystemRoot\system32\DRIVERS\HPZid412.sys
    0xF2099000 \SystemRoot\system32\DRIVERS\HPZipr12.sys
    0xF2B24000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB47AB000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB9044000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF7AEC000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\SiSGRV.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF71BB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB4187000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF79C6000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xB4068000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB3DAB000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF2B34000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB3308000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF0A55000 \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    0xB2BD0000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB2B8E000 \??\C:\DOCUME~1\owner\LOCALS~1\Temp\kfqorpow.sys
    0xB2B63000 \SystemRoot\system32\drivers\kmixer.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 59):
    0 System Idle Process
    4 System
    444 C:\WINDOWS\system32\smss.exe
    500 csrss.exe
    524 C:\WINDOWS\system32\winlogon.exe
    572 C:\WINDOWS\system32\services.exe
    584 C:\WINDOWS\system32\lsass.exe
    740 C:\WINDOWS\system32\svchost.exe
    800 svchost.exe
    872 C:\WINDOWS\system32\svchost.exe
    952 svchost.exe
    1088 svchost.exe
    1212 C:\WINDOWS\system32\brsvc01a.exe
    1252 C:\WINDOWS\system32\spoolsv.exe
    1260 C:\WINDOWS\system32\brss01a.exe
    1636 svchost.exe
    1672 C:\Program Files\Application Updater\ApplicationUpdater.exe
    1688 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    1792 C:\WINDOWS\system32\svchost.exe
    1828 C:\WINDOWS\system32\svchost.exe
    1900 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    1944 C:\Program Files\Java\jre6\bin\jqs.exe
    2000 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
    172 C:\WINDOWS\system32\svchost.exe
    204 C:\WINDOWS\system32\svchost.exe
    212 C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    380 C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    424 C:\WINDOWS\system32\svchost.exe
    464 wdfmgr.exe
    716 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    1404 C:\Program Files\AVG\AVG8\avgrsx.exe
    2476 C:\WINDOWS\explorer.exe
    2712 alg.exe
    3228 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    3240 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
    3304 C:\WINDOWS\SM1bg.exe
    3312 C:\Program Files\QuickTime\qttask.exe
    3352 C:\PROGRA~1\AVG\AVG8\avgtray.exe
    3360 C:\Program Files\Java\jre6\bin\jusched.exe
    3424 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    3440 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    3448 C:\Program Files\Messenger\msmsgs.exe
    3468 C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    3920 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    3936 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    3956 C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    4012 C:\WINDOWS\system32\sistray.exe
    264 C:\Program Files\MagicDisc\MagicDisc.exe
    2736 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    2892 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    3276 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    3836 C:\Program Files\Mozilla Firefox\firefox.exe
    1312 C:\Program Files\Java\jre6\bin\jucheck.exe
    2824 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    2632 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    2328 C:\WINDOWS\system32\notepad.exe
    1512 C:\WINDOWS\explorer.exe
    3288 C:\Documents and Settings\owner\My Documents\Downloads\irvr3qoh.exe
    2900 C:\Documents and Settings\owner\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800JB-00JJC0, Rev: 05.01C05

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
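The MBRCheck report above reads the first sector of PhysicalDrive0, maps the NTFS volume to byte offset 0x7e00 (LBA 63 × 512 bytes, the usual XP layout) and compares the bootstrap code with known boot code before printing a SHA1. The script below is an added example, not part of this thread or of MBRCheck, that reproduces that check on a 512-byte sector in Python. The MBR bytes, the disk signature and the "known code" hash table are constructed for the example (the bootstrap bytes are a stand-in, not real Windows XP boot code), and because the page does not say whether MBRCheck hashes the whole sector or only the code area, the example reports both. It also shows what a tampered MBR looks like to the check: the partition table still parses, only the boot code hash stops matching.

```python
"""Added example: parse a 512-byte MBR and hash its bootstrap code, the check
MBRCheck performs.  Everything here is constructed for illustration; the boot
code bytes and the reference hash table are stand-ins, not real data."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # 0x000-0x1B7: bootstrap code
DISK_SIG_OFF = 0x1B8      # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # 0x55 0xAA

PARTITION_TYPES = {
    0x05: "Extended", 0x07: "NTFS/IFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)", 0x82: "Linux swap", 0x83: "Linux",
}

# Constructed stand-in for bootstrap code (not actual Windows XP boot code).
EXAMPLE_XP_BOOT_CODE = bytes((i * 7 + 3) & 0xFF for i in range(BOOT_CODE_LEN))

# Assumed reference table: a real tool ships SHA1s of genuine boot code
# (Microsoft, GRUB, ...); here the table only knows our constructed stand-in.
KNOWN_BOOT_CODE = {
    hashlib.sha1(EXAMPLE_XP_BOOT_CODE).hexdigest(): "Windows XP MBR code detected",
}


def build_example_mbr(boot_code: bytes = EXAMPLE_XP_BOOT_CODE) -> bytes:
    """Assemble an MBR with one bootable NTFS partition starting at LBA 63,
    the classic XP layout that puts the volume at byte offset 0x7e00."""
    assert len(boot_code) == BOOT_CODE_LEN
    mbr = bytearray(SECTOR_SIZE)
    mbr[:BOOT_CODE_LEN] = boot_code
    struct.pack_into("<I", mbr, DISK_SIG_OFF, 0x1A2B3C4D)      # constructed signature
    # status, CHS start, type, CHS end, start LBA, sector count (little-endian)
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", 63, 156_296_322)
    mbr[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    mbr[BOOT_SIG_OFF:] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(sector: bytes) -> dict:
    """Validate the boot signature, decode the partition table and hash both
    the bootstrap area and the whole sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector, got %d bytes" % len(sector))
    if sector[BOOT_SIG_OFF:] != b"\x55\xAA":
        raise ValueError("0x55AA boot signature missing: not an MBR")
    partitions = []
    for idx in range(4):
        status, _, ptype, _, start_lba, count = struct.unpack_from(
            "<B3sB3sII", sector, PART_TABLE_OFF + 16 * idx)
        if ptype == 0:
            continue                                   # empty slot
        partitions.append({
            "index": idx,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown (0x%02X)" % ptype),
            "start_lba": start_lba,
            "sectors": count,
            "byte_offset": start_lba * SECTOR_SIZE,
        })
    return {
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": partitions,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest(),
        "sector_sha1": hashlib.sha1(sector).hexdigest(),
    }


def classify_boot_code(boot_code_sha1: str) -> str:
    """Whitelist lookup: anything not in the table is reported as unknown."""
    return KNOWN_BOOT_CODE.get(boot_code_sha1, "Unknown MBR code")


def tamper_boot_code(sector: bytes, offset: int = 0x10) -> bytes:
    """Flip one byte in the bootstrap area and leave the partition table alone,
    which is how an MBR bootkit infection looks to a hash check."""
    mod = bytearray(sector)
    mod[offset] ^= 0xFF
    return bytes(mod)


def report(sector: bytes) -> str:
    info = parse_mbr(sector)
    lines = ["Disk signature: 0x%08X" % info["disk_signature"]]
    for p in info["partitions"]:
        off = p["byte_offset"]
        lines.append("  partition %d%s type 0x%02X (%s) at LBA %d -> offset 0x%08x`%08x, %d sectors"
                     % (p["index"], " (boot)" if p["bootable"] else "", p["type"],
                        p["type_name"], p["start_lba"], off >> 32, off & 0xFFFFFFFF, p["sectors"]))
    lines.append("Boot code SHA1: %s -> %s"
                 % (info["boot_code_sha1"], classify_boot_code(info["boot_code_sha1"])))
    lines.append("Sector SHA1:    %s" % info["sector_sha1"])
    return "\n".join(lines)


if __name__ == "__main__":
    clean = build_example_mbr()
    print(report(clean))
    print("--- after tampering with the bootstrap code ---")
    print(report(tamper_boot_code(clean)))
```

On a live XP box the sector would come from `open(r"\\.\PhysicalDrive0", "rb").read(512)` run as an administrator. One caveat that matters for this thread: the TDSSKiller result further down reports dmio.sys as "Forged", meaning what the running system hands back for a file differs from what is on disk. A rootkit that filters disk I/O can do the same for the MBR, so a hash that checks out on the suspect machine proves little; when a rootkit is suspected, take the sector from boot media or with the drive attached to a second machine.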
     
  8. 2010/08/04
    broni (Moderator, Malware Analyst)

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  9. 2010/08/05
    jmolina81 (Thread Starter)

    TDSSKiller ran.

    2010/08/05 11:53:38.0314 TDSS rootkit removing tool 2.4.1.0 Aug 4 2010 15:06:41
    2010/08/05 11:53:38.0314 ================================================================================
    2010/08/05 11:53:38.0314 SystemInfo:
    2010/08/05 11:53:38.0314
    2010/08/05 11:53:38.0314 OS Version: 5.1.2600 ServicePack: 2.0
    2010/08/05 11:53:38.0314 Product type: Workstation
    2010/08/05 11:53:38.0314 ComputerName: OWNER-1C5BA76C0
    2010/08/05 11:53:38.0314 UserName: owner
    2010/08/05 11:53:38.0314 Windows directory: C:\WINDOWS
    2010/08/05 11:53:38.0314 System windows directory: C:\WINDOWS
    2010/08/05 11:53:38.0314 Processor architecture: Intel x86
    2010/08/05 11:53:38.0314 Number of processors: 1
    2010/08/05 11:53:38.0314 Page size: 0x1000
    2010/08/05 11:53:38.0314 Boot type: Normal boot
    2010/08/05 11:53:38.0314 ================================================================================
    2010/08/05 11:53:38.0580 Initialize success
    2010/08/05 11:53:43.0330 ================================================================================
    2010/08/05 11:53:43.0330 Scan started
    2010/08/05 11:53:43.0330 Mode: Manual;
    2010/08/05 11:53:43.0330 ================================================================================
    2010/08/05 11:53:44.0674 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/08/05 11:53:44.0752 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/08/05 11:53:44.0861 aeaudio (9f59ae2de835641fbb0c6afd80d8fa9b) C:\WINDOWS\system32\drivers\aeaudio.sys
    2010/08/05 11:53:44.0955 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    2010/08/05 11:53:45.0049 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
    2010/08/05 11:53:45.0518 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/08/05 11:53:45.0596 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/08/05 11:53:45.0689 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/08/05 11:53:45.0768 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/08/05 11:53:45.0893 AvgLdx86 (bc12f2404bb6f2b6b2ff3c4c246cb752) C:\WINDOWS\System32\Drivers\avgldx86.sys
    2010/08/05 11:53:45.0986 AvgMfx86 (5903d729d4f0c5bca74123c96a1b29e0) C:\WINDOWS\System32\Drivers\avgmfx86.sys
    2010/08/05 11:53:46.0064 AvgTdiX (92d8e1e8502e649b60e70074eb29c380) C:\WINDOWS\System32\Drivers\avgtdix.sys
    2010/08/05 11:53:46.0158 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/08/05 11:53:46.0299 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
    2010/08/05 11:53:46.0377 BrSerIf (26051d886f3333cb41857d6f52248de1) C:\WINDOWS\system32\Drivers\BrSerIf.sys
    2010/08/05 11:53:46.0471 BrUsbSer (7ac85cdc03befd78908b3b6a73d201d0) C:\WINDOWS\system32\Drivers\BrUsbSer.sys
    2010/08/05 11:53:46.0533 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/08/05 11:53:46.0596 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2010/08/05 11:53:46.0705 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/08/05 11:53:46.0752 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/08/05 11:53:46.0830 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/08/05 11:53:47.0189 DCamUSBNovatek (4197aa61a58bbcd4bfcbcb57c6b51adf) C:\WINDOWS\system32\Drivers\nvtcam.sys
    2010/08/05 11:53:47.0252 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/08/05 11:53:47.0377 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/08/05 11:53:47.0502 dmio (a8a832f25a55171019809fb680d5b43d) C:\WINDOWS\system32\drivers\dmio.sys
    2010/08/05 11:53:47.0502 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: a8a832f25a55171019809fb680d5b43d, Fake md5: f5e7b358a732d09f4bcf2824b88b9e28
    2010/08/05 11:53:47.0502 dmio - detected Rootkit.Win32.TDSS.tdl3 (0)
    2010/08/05 11:53:47.0533 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/08/05 11:53:47.0611 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/08/05 11:53:47.0736 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/08/05 11:53:47.0830 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/08/05 11:53:47.0924 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/08/05 11:53:47.0986 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    2010/08/05 11:53:48.0064 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/08/05 11:53:48.0189 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/08/05 11:53:48.0236 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/08/05 11:53:48.0330 FTDIBUS (7c17235845d5ae3fb33ead47b5881521) C:\WINDOWS\system32\drivers\ftdibus.sys
    2010/08/05 11:53:48.0424 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/08/05 11:53:48.0471 FTSER2K (216b9a2191676034999785c7f94fa5d6) C:\WINDOWS\system32\drivers\ftser2k.sys
    2010/08/05 11:53:48.0533 gagp30kx (4216cd545e5c30807b560c5dcaa812e6) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
    2010/08/05 11:53:48.0611 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/08/05 11:53:48.0705 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/08/05 11:53:48.0830 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
    2010/08/05 11:53:48.0893 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
    2010/08/05 11:53:48.0986 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
    2010/08/05 11:53:49.0080 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/08/05 11:53:49.0268 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/08/05 11:53:49.0393 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/08/05 11:53:49.0564 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/08/05 11:53:49.0643 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/08/05 11:53:49.0705 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/08/05 11:53:49.0783 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/08/05 11:53:49.0893 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/08/05 11:53:50.0002 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/08/05 11:53:50.0080 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/08/05 11:53:50.0127 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/08/05 11:53:50.0221 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/08/05 11:53:50.0299 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/08/05 11:53:50.0393 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/08/05 11:53:50.0564 mcdbus (5fb43fe50aee92b2b7b34cf2563db2ac) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
    2010/08/05 11:53:50.0658 MidiSyn (8c7d037a53b495e7c250fd70b158b581) C:\WINDOWS\system32\drivers\MidiSyn.sys
    2010/08/05 11:53:50.0736 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/08/05 11:53:50.0799 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    2010/08/05 11:53:50.0861 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/08/05 11:53:50.0939 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/08/05 11:53:50.0986 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/08/05 11:53:51.0080 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/08/05 11:53:51.0174 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/08/05 11:53:51.0268 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/08/05 11:53:51.0330 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/08/05 11:53:51.0393 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/08/05 11:53:51.0455 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/08/05 11:53:51.0549 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/08/05 11:53:51.0627 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
    2010/08/05 11:53:51.0705 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/08/05 11:53:51.0768 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2010/08/05 11:53:51.0830 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/08/05 11:53:51.0893 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2010/08/05 11:53:51.0955 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/08/05 11:53:52.0033 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/08/05 11:53:52.0096 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/08/05 11:53:52.0158 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/08/05 11:53:52.0236 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/08/05 11:53:52.0283 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/08/05 11:53:52.0393 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/08/05 11:53:52.0486 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/08/05 11:53:52.0549 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/08/05 11:53:52.0627 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/08/05 11:53:52.0689 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/08/05 11:53:52.0783 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/08/05 11:53:52.0846 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/08/05 11:53:52.0908 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/08/05 11:53:52.0986 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/08/05 11:53:53.0080 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/08/05 11:53:53.0143 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/08/05 11:53:53.0533 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/08/05 11:53:53.0611 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys
    2010/08/05 11:53:53.0705 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    2010/08/05 11:53:53.0752 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/08/05 11:53:54.0018 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/08/05 11:53:54.0080 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/08/05 11:53:54.0174 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/08/05 11:53:54.0221 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/08/05 11:53:54.0314 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/08/05 11:53:54.0393 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/08/05 11:53:54.0471 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2010/08/05 11:53:54.0549 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/08/05 11:53:54.0643 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/08/05 11:53:54.0768 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/08/05 11:53:54.0877 senfilt (bb596a578330ad794c6769b588af6bb4) C:\WINDOWS\system32\drivers\senfilt.sys
    2010/08/05 11:53:55.0033 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/08/05 11:53:55.0127 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/08/05 11:53:55.0236 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/08/05 11:53:55.0377 SiS315 (7469858341a5b6f22dedd2995f4d2ff2) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
    2010/08/05 11:53:55.0455 SiSkp (9a0f86efa0ef99115a23c8624e2e6bc7) C:\WINDOWS\system32\DRIVERS\srvkp.sys
    2010/08/05 11:53:55.0549 SISNIC (3fbb6ef8b5a71a2fa11f5f461bb73219) C:\WINDOWS\system32\DRIVERS\sisnic.sys
    2010/08/05 11:53:55.0627 SISNICXP (a1348a901a44760ccd76043525e851d0) C:\WINDOWS\system32\DRIVERS\sisnicxp.sys
    2010/08/05 11:53:55.0705 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2010/08/05 11:53:55.0799 smwdm (1319ea66a96250d59665d133c0ff7cd0) C:\WINDOWS\system32\drivers\smwdm.sys
    2010/08/05 11:53:55.0939 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/08/05 11:53:56.0018 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/08/05 11:53:56.0111 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/08/05 11:53:56.0189 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2010/08/05 11:53:56.0268 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/08/05 11:53:56.0346 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/08/05 11:53:56.0596 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/08/05 11:53:56.0752 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/08/05 11:53:56.0846 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/08/05 11:53:56.0939 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/08/05 11:53:57.0018 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/08/05 11:53:57.0221 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/08/05 11:53:57.0393 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/08/05 11:53:57.0502 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/08/05 11:53:57.0580 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/08/05 11:53:57.0658 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/08/05 11:53:57.0705 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    2010/08/05 11:53:57.0783 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/08/05 11:53:57.0846 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/08/05 11:53:57.0893 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/08/05 11:53:57.0955 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    2010/08/05 11:53:58.0064 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/08/05 11:53:58.0174 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/08/05 11:53:58.0299 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/08/05 11:53:58.0564 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2010/08/05 11:53:58.0674 ================================================================================
    2010/08/05 11:53:58.0674 Scan finished
    2010/08/05 11:53:58.0674 ================================================================================
    2010/08/05 11:53:58.0705 Detected object count: 1
    2010/08/05 11:54:10.0424 dmio (a8a832f25a55171019809fb680d5b43d) C:\WINDOWS\system32\drivers\dmio.sys
    2010/08/05 11:54:10.0424 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: a8a832f25a55171019809fb680d5b43d, Fake md5: f5e7b358a732d09f4bcf2824b88b9e28
    2010/08/05 11:54:12.0721 Backup copy found, using it..
    2010/08/05 11:54:12.0736 C:\WINDOWS\system32\drivers\dmio.sys - will be cured after reboot
    2010/08/05 11:54:12.0736 Rootkit.Win32.TDSS.tdl3(dmio) - User select action: Cure
    2010/08/05 11:54:16.0377 Deinitialize success
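The lines that matter in the log above are the pair for dmio.sys: the service is listed with one hash, then flagged "Suspicious file (Forged)" with a Real md5 and a Fake md5 that differ. A forged result means two reads of the same path disagree, which is what a rootkit filtering disk I/O looks like from user mode; the disagreement itself, not either hash value, is the indicator. "Backup copy found, using it" means TDSSKiller had a clean copy to restore from, and "will be cured after reboot" is why the fix needs a restart. The parser below is an added example (mine, not Kaspersky's and not posted in this thread) that turns a TDSSKiller log into a triage list: forged files with or without a Cure action, detections that have no action logged, a cross-check of the "Detected object count" against the detection lines, and drivers loaded from temp or profile directories. The sample log is constructed from lines modelled on the one above plus a made-up tmpdrv entry with a dummy hash; the temp-path check is a lead, not a verdict, since anti-rootkit scanners themselves load random-named drivers from Temp, as the driver list earlier in this thread shows.

```python
"""Added example: parse a TDSSKiller log and produce a triage list.
The log text is constructed (modelled on the real format); tmpdrv and its
hash are made up to exercise the temp-path heuristic."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+"
HEX32 = r"[0-9a-f]{32}"
DRIVER_RE = re.compile(rf"^{TS} (?P<name>\S+) \((?P<md5>{HEX32})\) (?P<path>.+)$")
FORGED_RE = re.compile(rf"^{TS} Suspicious file \(Forged\): (?P<path>.+?)\. "
                       rf"Real md5: (?P<real>{HEX32}), Fake md5: (?P<fake>{HEX32})$")
DETECT_RE = re.compile(rf"^{TS} (?P<name>\S+) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(rf"^{TS} (?P<verdict>[^\s(]+)\((?P<name>[^)]+)\) - "
                       rf"User select action: (?P<action>.+)$")
COUNT_RE = re.compile(rf"^{TS} Detected object count: (?P<n>\d+)$")
# Heuristic: a properly installed driver is not normally loaded from here.
SUSPECT_DIR_RE = re.compile(r"\\(temp|locals~1|local settings|appdata)\\", re.IGNORECASE)

SAMPLE_LOG = r"""2010/08/05 11:53:43.0330 Scan started
2010/08/05 11:53:43.0330 Mode: Manual;
2010/08/05 11:53:44.0674 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/08/05 11:53:47.0502 dmio (a8a832f25a55171019809fb680d5b43d) C:\WINDOWS\system32\drivers\dmio.sys
2010/08/05 11:53:47.0502 Suspicious file (Forged): C:\WINDOWS\system32\drivers\dmio.sys. Real md5: a8a832f25a55171019809fb680d5b43d, Fake md5: f5e7b358a732d09f4bcf2824b88b9e28
2010/08/05 11:53:47.0502 dmio - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/08/05 11:53:50.0000 tmpdrv (0123456789abcdef0123456789abcdef) C:\DOCUME~1\owner\LOCALS~1\Temp\tmpdrv.sys
2010/08/05 11:53:58.0674 Scan finished
2010/08/05 11:53:58.0705 Detected object count: 1
2010/08/05 11:54:12.0736 Rootkit.Win32.TDSS.tdl3(dmio) - User select action: Cure
"""


@dataclass
class TdssReport:
    drivers: Dict[str, Tuple[str, str]] = field(default_factory=dict)   # service -> (md5, path)
    forged: List[dict] = field(default_factory=list)                    # path, real, fake
    detections: List[Tuple[str, str]] = field(default_factory=list)     # (service, verdict)
    actions: List[Tuple[str, str, str]] = field(default_factory=list)   # (service, verdict, action)
    detected_count: Optional[int] = None


def parse_tdsskiller(text: str) -> TdssReport:
    """Classify each log line; the first listing of a service wins, so the
    repeat of dmio in the action phase does not overwrite the scan entry."""
    rep = TdssReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := FORGED_RE.match(line)):
            rep.forged.append({"path": m["path"], "real": m["real"], "fake": m["fake"]})
        elif (m := DETECT_RE.match(line)):
            rep.detections.append((m["name"], m["verdict"]))
        elif (m := ACTION_RE.match(line)):
            rep.actions.append((m["name"], m["verdict"], m["action"]))
        elif (m := COUNT_RE.match(line)):
            rep.detected_count = int(m["n"])
        elif (m := DRIVER_RE.match(line)):
            rep.drivers.setdefault(m["name"], (m["md5"], m["path"]))
    return rep


def triage(rep: TdssReport) -> List[str]:
    """Turn the parsed log into findings a responder acts on."""
    findings = []
    cured = {name for name, _, action in rep.actions if action.lower() == "cure"}
    for f in rep.forged:
        if f["real"] == f["fake"]:
            continue                       # the two reads agree: nothing forged
        service = next((n for n, (_, p) in rep.drivers.items()
                        if p.lower() == f["path"].lower()), "?")
        status = "cure scheduled" if service in cured else "NO ACTION RECORDED"
        findings.append(f"FORGED {f['path']} (service {service}): Real md5 {f['real']} vs "
                        f"Fake md5 {f['fake']}; {status}; re-hash after reboot and compare "
                        f"with a known-good copy")
    for name, verdict in rep.detections:
        if name not in cured:
            findings.append(f"DETECTED {name} ({verdict}) but no Cure action logged")
    if rep.detected_count is not None and rep.detected_count != len(rep.detections):
        findings.append(f"COUNT MISMATCH: log says {rep.detected_count} objects, "
                        f"parsed {len(rep.detections)} detection lines")
    for name, (_, path) in rep.drivers.items():
        if SUSPECT_DIR_RE.search(path):
            findings.append(f"REVIEW {name}: driver loaded from a temp/profile path ({path})")
    return findings


if __name__ == "__main__":
    for line in triage(parse_tdsskiller(SAMPLE_LOG)):
        print(line)
```

Run it against a real TDSSKiller_xxxx_log.txt by reading the file into `parse_tdsskiller`. The "re-hash after reboot" item is the follow-up that matters: the cure only lands when the machine restarts, and a second TDSSKiller pass that no longer lists dmio.sys as forged, plus a hash match against a known-good dmio.sys of the same service pack, is the evidence that it worked.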
     
  10. 2010/08/05
    broni (Moderator, Malware Analyst)

    Very good :)

    Does the error message still pop-up?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved directly to your desktop.**
    1. Please never rename ComboFix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all-inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If ComboFix asks you to install the Recovery Console, please allow it.
      NOTE 2. If ComboFix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
      • If there is no Internet connection after running ComboFix, restart your computer to restore your connection.
    4. Double-click on combofix.exe and follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt".
    **Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.) until it's officially declared clean!!!
     
  11. 2010/08/10
    jmolina81 (Thread Starter)

    ComboFix done.

    I am no longer having the error message.

    ComboFix 10-08-10.01 - owner 08/10/2010 14:41:14.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.556 [GMT -5:00]
    Running from: c:\documents and settings\owner\My Documents\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\owner\Application Data\Dealio
    c:\documents and settings\owner\Application Data\Dealio\temp\WTIE-14824.log
    c:\program files\Dealio Toolbar
    c:\program files\Dealio Toolbar\FF\chrome.manifest
    c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
    c:\program files\Dealio Toolbar\FF\components\config.ini
    c:\program files\Dealio Toolbar\FF\components\dealioToolbarFF.dll
    c:\program files\Dealio Toolbar\IE\4.0.2\config.ini
    c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
    c:\program files\Dealio Toolbar\SearchSettings.dll
    c:\program files\Dealio Toolbar\SearchSettings.exe
    c:\program files\Dealio Toolbar\SearchSettingsRes409.dll
    c:\program files\Dealio Toolbar\sscfg.ini
    c:\program files\Dealio Toolbar\SSFF\chrome.manifest
    c:\program files\Dealio Toolbar\SSFF\chrome\locale\en-US\searchsettingsplugin.properties
    c:\program files\Dealio Toolbar\SSFF\components\SearchSettingsFF.dll
    c:\program files\Dealio Toolbar\SSFF\components\sscfg.ini
    c:\program files\Dealio Toolbar\WidgiHelper.exe
    c:\program files\SelectRebates
    c:\windows\system32\bszip.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-10 to 2010-08-10 )))))))))))))))))))))))))))))))
    .

    2010-08-04 15:58 . 2010-08-04 15:58 -------- d-----w- c:\documents and settings\owner\Application Data\Malwarebytes
    2010-08-04 15:57 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-04 15:57 . 2010-08-04 15:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-04 15:57 . 2010-08-04 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-04 15:57 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-03 17:12 . 2010-08-03 17:12 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\The Weather Channel
    2010-07-28 18:45 . 2010-07-28 18:45 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-07-28 18:45 . 2010-07-28 18:45 -------- d-----w- c:\program files\Application Updater
    2010-07-28 18:44 . 2010-07-28 18:44 -------- d-----w- c:\documents and settings\owner\Application Data\Search Settings
    2010-07-28 18:44 . 2010-07-28 18:44 -------- d-----w- c:\program files\SANYO Digital Camera
    2010-07-28 18:43 . 2010-07-28 18:43 -------- d-----w- c:\program files\The Weather Channel FW
    2010-07-28 18:43 . 2010-08-03 18:47 -------- d-----w- c:\documents and settings\owner\Local Settings\Application Data\AskToolbar
    2010-07-28 18:43 . 2010-07-28 18:43 -------- d-----w- c:\program files\CCleaner
    2010-07-21 20:05 . 2010-07-21 20:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2010-07-21 20:05 . 2010-07-21 20:05 -------- d-----w- c:\documents and settings\owner\Application Data\Office Genuine Advantage
    2010-07-19 19:35 . 2010-08-04 20:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-19 19:34 . 2010-07-19 19:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-10 19:28 . 2010-01-07 16:44 3280 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\qbbackup.sys
    2010-08-09 21:49 . 2010-06-10 22:11 432472 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-08-05 16:55 . 2004-08-04 12:00 153344 ----a-w- c:\windows\system32\drivers\dmio.sys
    2010-08-03 18:43 . 2009-12-17 17:19 -------- d-----w- c:\documents and settings\owner\Application Data\HPAppData
    2010-07-28 18:43 . 2006-11-07 18:26 -------- d-----w- c:\program files\The Disc 3.0
    2010-07-28 18:43 . 2010-06-29 16:46 -------- d-----w- c:\program files\Ask.com
    2010-07-28 18:43 . 2006-08-16 17:53 -------- d-----w- c:\program files\IrfanView
    2010-07-21 19:52 . 2010-07-10 17:19 -------- d-----w- c:\program files\I-play Games
    2010-07-20 21:35 . 2008-02-20 22:34 -------- d-----w- c:\program files\Incomplete
    2010-07-20 21:35 . 2006-08-17 20:00 -------- d-----w- c:\program files\LimeWire
    2010-07-19 22:16 . 2010-04-06 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
    2010-07-10 17:58 . 2008-05-14 15:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-06 16:46 . 2006-12-04 17:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2010-07-02 14:02 . 2010-01-07 18:44 791856 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dblgen10.dll
    2010-07-02 14:02 . 2010-01-07 18:44 496944 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlrsa10.dll
    2010-07-02 14:02 . 2010-01-07 18:44 423216 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dbmlsync.exe
    2010-07-02 14:02 . 2010-01-07 18:44 296240 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlsock10.dll
    2010-07-02 14:02 . 2010-01-07 18:44 267568 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlcrsa10.dll
    2010-07-02 14:02 . 2010-01-07 18:44 856880 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\dblgen11.dll
    2010-07-02 14:02 . 2010-01-07 18:44 763184 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dblib10.dll
    2010-07-02 14:02 . 2010-01-07 18:44 570672 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\mlhttps10.dll
    2010-07-02 14:02 . 2010-01-07 18:44 398640 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dbcon10.dll
    2010-07-02 14:02 . 2010-01-07 18:44 2184496 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\iAnywhere.Data.SQLAnywhere.dll
    2010-07-02 14:02 . 2010-01-07 18:44 1372424 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\IntuitSyncManager.exe
    2010-07-02 14:02 . 2010-01-07 18:44 1152304 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\SyncMgr\OCD\Sybase10\dbtool10.dll
    2010-07-01 14:46 . 2010-07-01 14:46 2728840 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
    2010-06-30 16:18 . 2006-12-05 16:48 -------- d--h--r- c:\documents and settings\owner\Application Data\yahoo!
    2010-06-30 16:12 . 2006-12-04 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
    2010-06-30 16:12 . 2006-12-04 15:57 -------- d-----w- c:\program files\Yahoo!
    2010-06-30 15:49 . 2010-06-30 15:49 27630760 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
    2010-06-24 20:18 . 2008-10-21 17:49 -------- d-----w- c:\program files\FrostWire
    2010-06-21 16:30 . 2010-06-21 16:30 50354 ----a-w- c:\documents and settings\owner\Application Data\Facebook\uninstall.exe
    2010-06-21 16:30 . 2010-06-21 16:30 -------- d-----w- c:\documents and settings\owner\Application Data\Facebook
    2010-06-19 18:02 . 2009-06-25 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2010-06-15 00:23 . 2010-06-17 18:15 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUPDATER\yupdater.exe
    2010-06-14 14:30 . 2006-07-29 19:35 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-12 02:18 . 2010-06-16 18:01 52224 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    2010-06-12 02:18 . 2010-06-16 18:01 101376 ----a-w- c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    2010-06-10 15:04 . 2010-01-07 18:37 975136 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch2.exe
    2010-06-10 15:04 . 2010-01-07 18:37 44832 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2010\Components\DownloadQB20\Patch\qbpatch.exe
    2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\owner\Application Data\Facebook\npfbplugin_1_0_3.dll
    2010-05-24 13:55 . 2010-05-24 13:55 503808 -c--a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2031995c-n\msvcp71.dll
    2010-05-24 13:55 . 2010-05-24 13:55 499712 -c--a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2031995c-n\jmc.dll
    2010-05-24 13:55 . 2010-05-24 13:55 348160 -c--a-w- c:\documents and settings\owner\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-2031995c-n\msvcr71.dll
    2003-08-27 19:19 . 2006-08-01 21:30 36963 -c--a-r- c:\program files\Common Files\SM1updtr.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C} "= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 19:01 1230080 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-06-10 22:28 1233288 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    "{D4027C7F-154A-4066-A1AD-4243D8127440} "= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-10 1233288]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DW6 "= "c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-11-10 818288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP "= "c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "SiSPower "= "SiSPower.dll" [2006-07-29 49152]
    "SM1BG "= "c:\windows\SM1BG.EXE" [2003-08-27 94208]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2006-09-07 282624]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "AVG8_TRAY "= "c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-28 2048352]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
    "Intuit SyncManager "= "c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-01-27 1337608]
    "HP Software Update "= "c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
    "CanonSolutionMenu "= "c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
    "CanonMyPrinter "= "c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-04 1848648]

    c:\documents and settings\owner\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-4-29 546816]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMREMIND.EXE [2006-8-17 327680]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-5-18 1154848]
    UPS Online PLD Reminder Utility.lnk - c:\upsold\UOWS\PldReminder.exe [2006-8-17 28672]
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2006-7-29 262144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-17 14:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe "=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe "=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe "=
    "c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe "=
    "c:\\Program Files\\LimeWire\\LimeWire.exe "=
    "c:\\StubInstaller.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/20/2009 9:38 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/20/2009 9:38 AM 108552]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [1/8/2010 1:51 AM 380928]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/20/2009 9:37 AM 297752]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/12/2010 11:22 AM 136176]
    S3 DCamUSBNovatek;SANYO Digital Camera;c:\windows\system32\drivers\nvtcam.sys [4/16/2008 2:09 PM 55808]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 16:21]

    2010-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-12 16:21]

    2010-08-10 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]

    2010-08-10 c:\windows\Tasks\User_Feed_Synchronization-{BB725C92-4CDE-41D7-A120-DBF7E0DE17D3}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
    IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
    IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
    Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
    FF - ProfilePath - c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
    FF - component: c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\owner\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\owner\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
    Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\IE\4.0.2\dealioToolbarIE.dll
    HKCU-Run-ares - F:\Ares.exe
    HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe
    SafeBoot-klmdb.sys
    AddRemove-Foss_for_WorldShipDom - c:\ups\uows\FOSS\Foss65Uninst.isu
    AddRemove-UPS Formatted Output SubSystem (FOSS) v3.0.0.0 - c:\ups\uows\FOSSUninstall.isu
    AddRemove-UPS Internet Communication Manager (UPSLNKMG) - c:\ups\uows\COMMUninstall.isu
    AddRemove-UPS Reference Rate Utility () v1.0.0.0 - c:\ups\UOWS\RRUUninstall.isu
    AddRemove-UPS Server Based Services (SBS) v1.0.0.1 - c:\ups\uows\SBSUninstall.isu
    AddRemove-UPS Support Assistant (SuppAsst) v1.0.0 - c:\ups\UOWS\SuppAsstUninstall.isu
    AddRemove-UPS UPS Address Validator () v1.0.0 - c:\ups\UOWS\AddrValUninstall.isu
    AddRemove-UPS UPS OnLine WorldShip QuickDoc () v2.0.0 - c:\ups\UOWS\QDCUninstall.isu
    AddRemove-UPS UPS OnLine WorldShip RAVE () v2.0.0 - c:\ups\UOWS\RAVEUninstall.isu



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-10 14:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    Completion time: 2010-08-10 14:49:19
    ComboFix-quarantined-files.txt 2010-08-10 19:49

    Pre-Run: 58,332,188,672 bytes free
    Post-Run: 58,649,497,600 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 4B546B1A5F061E51E0A8E55611CF4CC2
     
  12. 2010/08/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    Please uninstall Ask.com, as it's considered adware.

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    ================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2010/09/07
    jmolina81

    jmolina81 Inactive Thread Starter

    Joined:
    2010/08/03
    Messages:
    12
    Likes Received:
    0
    otl

    OTL logfile created on: 8/16/2010 10:06:39 AM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\owner\My Documents\Downloads
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    991.00 Mb Total Physical Memory | 532.00 Mb Available Physical Memory | 54.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.53 Gb Total Space | 57.46 Gb Free Space | 77.10% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OWNER-1C5BA76C0
    Current User Name: owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/16 10:05:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\My Documents\Downloads\OTL.exe
    PRC - [2010/07/28 13:50:27 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
    PRC - [2010/05/18 11:16:22 | 001,154,848 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2010/05/18 09:57:06 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2010/04/16 11:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
    PRC - [2009/08/17 09:09:00 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
    PRC - [2009/08/17 09:08:45 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
    PRC - [2009/08/17 09:08:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
    PRC - [2009/03/09 05:19:24 | 000,386,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
    PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/03/03 20:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2008/02/18 17:32:32 | 000,546,816 | ---- | M] (MagicISO, Inc.) -- C:\Program Files\MagicDisc\MagicDisc.exe
    PRC - [2008/01/22 12:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/08/25 19:03:20 | 000,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
    PRC - [2004/10/14 09:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    PRC - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    PRC - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brsvc01a.exe
    PRC - [2001/12/13 01:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/16 10:05:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\owner\My Documents\Downloads\OTL.exe
    MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2004/08/04 07:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/05/18 09:57:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2010/01/08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2009/08/17 09:08:06 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    SRV - [2009/07/23 22:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/01/22 12:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
    SRV - [2002/09/20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
    SRV - [2002/04/12 01:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\owner\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2009/08/17 09:08:59 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/17 09:08:59 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/05/15 09:14:05 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2009/02/17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2008/03/13 12:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
    DRV - [2008/02/18 17:29:16 | 000,096,256 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2006/10/12 17:40:00 | 000,055,808 | ---- | M] (NTK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvtcam.sys -- (DCamUSBNovatek)
    DRV - [2006/07/29 15:57:39 | 000,261,632 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2006/07/29 15:57:39 | 000,011,904 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2006/02/14 16:02:58 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
    DRV - [2005/02/28 23:01:40 | 000,392,704 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/09/13 23:55:44 | 000,088,960 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
    DRV - [2004/08/03 17:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
    DRV - [2004/06/12 06:27:18 | 000,051,712 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
    DRV - [2004/01/10 05:28:18 | 000,011,648 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2003/12/19 22:15:50 | 000,015,263 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com "
    FF - prefs.js..browser.search.defaultenginename: "Web Search "
    FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p= "
    FF - prefs.js..browser.search.order.1: "Ask.com "
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963 "
    FF - prefs.js..browser.search.selectedEngine: "Web Search "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/ "
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
    FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p= "


    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:23:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2010/01/04 17:43:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/04/01 09:46:24 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/02 09:34:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/02 09:34:12 | 000,000,000 | ---D | M]

    [2010/06/29 11:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions
    [2010/06/29 11:47:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/08/11 17:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions
    [2009/09/03 14:25:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/28 13:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com
    [2010/07/07 10:32:20 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\searchplugins\askcom.xml
    [2010/08/11 10:37:21 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/10 14:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\dealio@mybrowserbar.com
    [2010/08/10 14:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
    [2010/07/10 12:19:24 | 000,001,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober1036062.xml

    O1 HOSTS File: ([2010/08/10 14:45:49 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
    O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
    O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE (The Learning Company)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\UPS Online PLD Reminder Utility.lnk = C:\upsold\UOWS\PldReminder.exe (United Parcel Service of America, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
    O4 - Startup: C:\Documents and Settings\owner\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2010/06/30 11:12:45 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2010/06/30 11:12:45 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2010/06/30 11:12:45 | 000,000,000 | ---D | M]
    O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2010/06/30 11:12:45 | 000,000,000 | ---D | M]
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1186088304859 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.167.161.35 216.167.161.36
    O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/07/29 14:37:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
    Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
    Unable to start service SrService!

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/16 09:52:54 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/08/12 11:59:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/12 11:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Amazon
    [2010/08/12 10:56:16 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
    [2010/08/10 14:39:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/10 14:34:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/04 10:58:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Malwarebytes
    [2010/08/04 10:57:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/04 10:57:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/04 10:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/08/04 10:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/08/03 12:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\The Weather Channel
    [2010/08/03 11:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/08/03 11:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/07/28 13:45:00 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
    [2010/07/28 13:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Search Settings
    [2010/07/28 13:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\SANYO Digital Camera
    [2010/07/28 13:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\The Weather Channel FW
    [2010/07/28 13:43:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\AskToolbar
    [2010/07/28 13:43:28 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/07/21 15:05:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    [2010/07/21 15:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Office Genuine Advantage
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\pt-BR
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nl-NL
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\it-IT
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr-FR
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\es-ES
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-DE
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
    [2010/07/21 14:57:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
    [2010/07/19 15:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/19 14:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/19 14:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/10 12:19:23 | 000,000,000 | ---D | C] -- C:\Program Files\I-play Games
    [2010/06/30 11:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Yahoo
    [2010/06/30 11:13:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\Yahoo!
    [2010/06/29 13:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Music
    [2010/06/29 11:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2010/06/21 11:30:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\owner\My Documents\My Videos
    [2010/06/21 11:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Application Data\Facebook
    [2006/08/01 16:30:30 | 000,036,963 | R--- | C] (Cypress Semiconductor) -- C:\Program Files\Common Files\SM1updtr.dll
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\owner\Desktop\*.tmp files -> C:\Documents and Settings\owner\Desktop\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/16 09:58:39 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BB725C92-4CDE-41D7-A120-DBF7E0DE17D3}.job
    [2010/08/16 09:56:51 | 000,000,135 | ---- | M] () -- C:\WINDOWS\UPSWSHIP.INI
    [2010/08/16 09:56:42 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/16 09:55:59 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
    [2010/08/16 09:55:57 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/16 09:55:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/16 09:55:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/16 09:54:44 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\owner\ntuser.dat
    [2010/08/16 09:54:20 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\owner\ntuser.ini
    [2010/08/16 09:33:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/16 09:00:35 | 063,499,870 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/08/13 11:27:33 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/08/13 09:14:15 | 000,000,639 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/12 16:53:28 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\SMARTSTART.xls
    [2010/08/12 16:53:23 | 000,258,048 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\DAILY.xls
    [2010/08/11 17:34:53 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel Desktop .lnk
    [2010/08/10 14:45:58 | 000,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/10 14:45:49 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/10 14:39:49 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/10 11:01:00 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\Preseason.doc
    [2010/08/09 16:31:01 | 000,013,020 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Comma Separated Values (Windows).CAL
    [2010/08/09 16:29:30 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/08/09 16:27:39 | 000,510,622 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/09 16:27:39 | 000,436,030 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/09 16:27:39 | 000,068,418 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/04 15:33:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/04 10:57:58 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/15 09:16:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/30 11:11:48 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2010/06/30 11:11:48 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    [2010/06/29 13:22:26 | 000,000,179 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Shortcut to Removable Disk (E).lnk
    [2010/06/29 11:45:15 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\LimeWire 5.5.10.lnk
    [2010/06/15 09:07:04 | 000,000,090 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2010/06/11 08:58:39 | 000,330,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/09 11:05:35 | 000,031,011 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\yvonne.rtf
    [2010/06/02 16:08:36 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Shortcut to Copy of V97 Mobiles_Dealer.lnk
    [2010/06/02 16:08:31 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\owner\Desktop\Shortcut to Copy of Portables_Dealer v97.lnk
    [2010/05/25 09:58:14 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\To Westgate Mobile Home Park.doc
    [2010/05/19 16:46:07 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\owner\My Documents\Kenwood High Output Bass Package.doc
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\owner\Desktop\*.tmp files -> C:\Documents and Settings\owner\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/10 14:39:49 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/10 14:39:47 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/09 16:31:01 | 000,013,020 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Comma Separated Values (Windows).CAL
    [2010/08/09 16:29:30 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/08/04 10:57:58 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/21 14:57:02 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
    [2010/07/19 14:35:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/09 09:13:31 | 008,650,752 | ---- | C] () -- C:\Documents and Settings\owner\ntuser.dat
    [2010/06/30 11:11:48 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2010/06/30 11:11:48 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    [2010/06/29 13:22:26 | 000,000,179 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Shortcut to Removable Disk (E).lnk
    [2010/06/29 11:45:15 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\LimeWire 5.5.10.lnk
    [2010/06/10 17:11:16 | 000,432,472 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/06/02 16:08:36 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Shortcut to Copy of V97 Mobiles_Dealer.lnk
    [2010/06/02 16:08:31 | 000,000,700 | ---- | C] () -- C:\Documents and Settings\owner\Desktop\Shortcut to Copy of Portables_Dealer v97.lnk
    [2010/05/25 09:58:14 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\To Westgate Mobile Home Park.doc
    [2010/05/19 16:46:07 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\owner\My Documents\Kenwood High Output Bass Package.doc
    [2010/01/07 11:28:01 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2010/01/06 14:40:45 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
    [2009/12/10 14:59:45 | 000,003,080 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/10/12 16:42:56 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\adskey.txt
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/09/23 14:03:54 | 000,001,204 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/04/16 12:10:38 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI
    [2008/04/16 12:05:31 | 000,000,441 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
    [2008/01/28 16:25:04 | 000,000,464 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
    [2008/01/28 16:25:04 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2008/01/28 16:25:04 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
    [2007/08/15 17:01:44 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2006/11/07 13:28:48 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\owner\Application Data\theDisc3
    [2006/09/07 13:07:23 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/09/01 09:55:50 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\fusioncache.dat
    [2006/08/17 15:44:11 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
    [2006/08/17 15:43:39 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\swft32.dll
    [2006/08/17 15:43:39 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\fort32.dll
    [2006/08/17 15:43:04 | 000,000,135 | ---- | C] () -- C:\WINDOWS\UPSWSHIP.INI
    [2006/08/16 09:34:31 | 000,040,448 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/08/03 10:18:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\owner\Local Settings\Application Data\imageCache7.db
    [2006/08/01 17:11:57 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
    [2006/08/01 16:19:07 | 000,001,062 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/07/29 15:58:07 | 000,076,011 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2006/07/29 15:57:50 | 000,074,515 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/06/19 13:02:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/04/06 09:06:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2010/04/06 10:41:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX
    [2010/04/06 09:10:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
    [2010/07/19 17:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJPLM
    [2010/04/06 09:12:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenu
    [2010/01/07 11:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
    [2006/08/01 16:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2010/01/07 11:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
    [2010/01/07 11:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
    [2010/07/10 12:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/01/06 14:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2009/09/24 10:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UltiDev
    [2008/08/14 15:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VistaCodecs
    [2010/08/12 11:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Amazon
    [2009/05/19 10:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\AVGTOOLBAR
    [2010/06/21 11:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Facebook
    [2009/09/02 13:23:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\FrostWire
    [2007/03/13 10:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Leadertech
    [2006/09/07 13:30:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Red Chair Software
    [2010/07/28 13:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Search Settings
    [2008/04/21 10:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Snapfish
    [2008/04/16 12:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Ulead Systems
    [2007/05/03 12:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Uniblue
    [2010/01/06 14:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\uTorrent
    [2010/08/16 09:55:59 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
    [2010/08/16 10:13:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{BB725C92-4CDE-41D7-A120-DBF7E0DE17D3}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/07/29 14:37:55 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/07/29 14:26:32 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/10 14:39:49 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/10 14:49:20 | 000,026,101 | ---- | M] () -- C:\ComboFix.txt
    [2006/07/29 14:37:55 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/07/29 14:37:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/07/29 14:37:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/04 07:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/08/16 09:55:33 | 754,974,720 | -HS- | M] () -- C:\pagefile.sys
    [2005/10/31 10:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe
    [2010/08/05 11:54:16 | 000,037,698 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_05.08.2010_11.53.38_log.txt
    [2010/08/05 12:15:55 | 000,036,058 | ---- | M] () -- C:\TDSSKiller.2.4.1.0_05.08.2010_12.08.21_log.txt
    [2007/09/14 12:14:02 | 000,000,015 | --S- | M] () -- C:\testlog.log
    [2007/05/03 12:40:07 | 000,009,050 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2004/02/09 01:00:00 | 000,026,285 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\brmfpp1.dll
    [2008/04/01 05:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD9F.DLL
    [2008/04/01 05:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP9F.DLL
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/08/12 11:58:10 | 000,314,880 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp082.dll
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/02/14 08:05:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/02/14 08:05:31 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/02/14 08:05:31 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2007/03/08 10:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2004/08/04 07:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2004/08/04 07:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D20FFA63
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    < End of report >
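The OTL log above is read line by line for a handful of items: the two alternate data streams on the ProgramData TEMP folder, the locked DLLs whose MD5 OTL could not read, and the MD5 lines for user32.dll, ws2_32.dll and ws2help.dll that get checked against a trusted reference. Here is an added Python parser for that record format; it is not part of this thread or of OTL, the regexes are written from the layout visible in the log, and the sample lines are copied from it.

```python
"""Parser for the OTL scan-log record format shown in this thread.

Added example, not OTL's own code. The patterns follow the layout above:
  [YYYY/MM/DD hh:mm:ss | 000,026,285 | RHSD | M] (Company) MD5=... -- C:\\path
  @Alternate Data Stream - 130 bytes -> C:\\path:STREAMNAME
"""
import re
from dataclasses import dataclass
from typing import Optional

RECORD_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[MC])\] "   # M = modified, C = created
    r"(?:\((?P<company>[^)]*)\) )?"                        # publisher, may be empty "()"
    r"(?:(?P<note>Unable to obtain MD5|MD5=(?P<md5>[0-9A-Fa-f]{32})) )?"
    r"-- (?P<path>.+)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)


@dataclass
class Record:
    path: str
    size: int
    is_dir: bool
    hidden: bool
    system: bool
    company: Optional[str]    # None when OTL printed no publisher field at all
    md5: Optional[str]        # None when absent or when the file was locked
    md5_locked: bool = False  # True for "Unable to obtain MD5"
    ads_stream: Optional[str] = None


def parse_line(line: str) -> Optional[Record]:
    """Return a Record for one OTL file or ADS line, None for headers and blanks."""
    line = line.strip()
    m = RECORD_RE.match(line)
    if m:
        attrs, company = m.group("attrs"), m.group("company")
        return Record(
            path=m.group("path"),
            size=int(m.group("size").replace(",", "")),
            is_dir=attrs[3] == "D", hidden=attrs[1] == "H", system=attrs[2] == "S",
            company=company.strip() if company is not None else None,
            md5=(m.group("md5") or "").upper() or None,
            md5_locked=m.group("note") == "Unable to obtain MD5",
        )
    a = ADS_RE.match(line)
    if a:
        return Record(path=a.group("path"), size=int(a.group("size")), is_dir=False,
                      hidden=False, system=False, company=None, md5=None,
                      ads_stream=a.group("stream"))
    return None


def triage(log_text: str) -> dict:
    """Group what an analyst checks first: ADS entries, locked DLLs OTL could not
    hash, and the MD5s it did read (compare offline against a trusted reference
    for the same Windows build and service pack; no reference is embedded here)."""
    recs = [r for r in map(parse_line, log_text.splitlines()) if r]
    return {
        "ads": [f"{r.path}:{r.ads_stream}" for r in recs if r.ads_stream],
        "unhashed": [r.path for r in recs if r.md5_locked],
        "hashes": {r.path: r.md5 for r in recs if r.md5},
    }


# Constructed sample: lines copied from the OTL log posted above.
SAMPLE = r"""
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2007/03/08 10:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\system32\user32.dll
[2010/08/16 09:55:33 | 754,974,720 | -HS- | M] () -- C:\pagefile.sys
[2010/07/10 12:58:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D20FFA63
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```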
     
  14. 2010/09/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
      FF - prefs.js..browser.search.defaultengine:  "Ask.com "
      FF - prefs.js..browser.search.order.1:  "Ask.com "
      [2010/07/28 13:43:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com
      [2010/07/07 10:32:20 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\searchplugins\askcom.xml
      O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
      O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Reg Error: Key error.)
      [2010/07/28 13:43:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\owner\Local Settings\Application Data\AskToolbar
      [2010/06/29 11:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
      [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\Documents and Settings\owner\Desktop\*.tmp files -> C:\Documents and Settings\owner\Desktop\*.tmp -> ]
      [2007/05/03 12:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\owner\Application Data\Uniblue
      @Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D20FFA63
      @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  15. 2010/09/12
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you still out there?
     
  16. 2010/09/13
    jmolina81

    jmolina81 Inactive Thread Starter

    Joined:
    2010/08/03
    Messages:
    12
    Likes Received:
    0
    Yes, sorry, doing it now.
     
  17. 2010/09/13
    jmolina81

    jmolina81 Inactive Thread Starter

    Joined:
    2010/08/03
    Messages:
    12
    Likes Received:
    0
    OTL Fix

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.order.1
    C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
    C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com\logs folder moved successfully.
    C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
    C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com\defaults folder moved successfully.
    C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com\datastore folder moved successfully.
    C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-30-Jun-2010-14-35-32-GMT folder moved successfully.
    C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-07-Jul-2010-15-32-03-GMT folder moved successfully.
    C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
    C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
    C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
    C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com\chrome folder moved successfully.
    C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\extensions\toolbar@ask.com folder moved successfully.
    C:\Documents and Settings\owner\Application Data\Mozilla\Firefox\Profiles\rfxmye23.default\searchplugins\askcom.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
    C:\Documents and Settings\owner\Local Settings\Application Data\AskToolbar\Downloaded Program Files\temp folder moved successfully.
    C:\Documents and Settings\owner\Local Settings\Application Data\AskToolbar\Downloaded Program Files folder moved successfully.
    C:\Documents and Settings\owner\Local Settings\Application Data\AskToolbar folder moved successfully.
    C:\Program Files\Ask.com folder moved successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\Documents and Settings\owner\Desktop\~WRL3504.tmp deleted successfully.
    C:\Documents and Settings\owner\Application Data\Uniblue\Registry Booster2 folder moved successfully.
    C:\Documents and Settings\owner\Application Data\Uniblue folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D20FFA63 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Application Data

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 229577 bytes
    ->Flash cache emptied: 975 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 1095403 bytes
    ->Flash cache emptied: 5071 bytes

    User: owner
    ->Temp folder emptied: 20083666 bytes
    ->Temporary Internet Files folder emptied: 182044339 bytes
    ->Java cache emptied: 103134144 bytes
    ->FireFox cache emptied: 39487955 bytes
    ->Flash cache emptied: 42079 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1155826 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 53105984 bytes

    Total Files Cleaned = 382.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Application Data

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: owner
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 09132010_121824

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  18. 2010/09/13
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
  19. 2010/09/18
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you still out there?
     
  20. 2010/09/21
    jmolina81

    jmolina81 Inactive Thread Starter

    Joined:
    2010/08/03
    Messages:
    12
    Likes Received:
    0
    yes

    I did the last OTL fix, didn't have any other instructions
     
  21. 2010/09/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Cool :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
