
Solved Computer runs very slow. Feel there may be possible malware

Discussion in 'Malware and Virus Removal Archive' started by lmsj2010, 2010/08/04.

  1. 2010/08/05
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    The error message appears to be gone. Thanks! I am currently running the ESET scan. I will post the log when finished. Thanks again for all of your help!
     
  2. 2010/08/06
    lmsj2010
    ESET results

    C:\Documents and Settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}\chrome\content\overlay.xul probably a variant of Win32/Agent trojan
     


  4. 2010/08/06
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :Files
      C:\Documents and Settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}\chrome\content\overlay.xul
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
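The OTL log lines posted later in this thread can be triaged mechanically. The following is an added example, not code from the thread or from the OTL tool: it parses the bracketed file entries and the HKLM Firefox extension line, flags an extension installed under a user's Local Settings\Application Data folder, then flags anything created within a few minutes of it (the helper files a dropper writes alongside its payload), and renders the result in the :Files syntax used in the fix above for an analyst to review. The five-minute window and the rule names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Bracketed file entry as OTL prints it in its "Files/Folders - Created" and
# "Files - Modified" sections:  [date time | size | attrs | C or M] (company) -- path
FILE_LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Machine-wide Firefox extension registration (HKLM) pointing at an install directory.
FF_EXT_RE = re.compile(
    r"^FF - HKLM\\software\\mozilla\\Firefox\\Extensions\\\\(?P<ext_id>\{[0-9A-F-]+\}): "
    r"(?P<path>.+?) \[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \|",
    re.IGNORECASE,
)

# Per-user, non-roaming data folder on Windows XP. An extension registered for the
# whole machine in HKLM normally lives under Program Files, not in one user's profile.
PER_USER_APPDATA_RE = re.compile(
    r"\\documents and settings\\[^\\]+\\local settings\\application data\\", re.IGNORECASE
)


def parse_ts(text):
    return datetime.strptime(text, "%Y/%m/%d %H:%M:%S")


def triage(log_text, window=timedelta(minutes=5)):
    """Return a list of (rule, path) findings from OTL log text.

    Rule 1: HKLM Firefox extension whose files sit in a user's Local Settings\\Application Data.
    Rule 2: any file or folder *created* within `window` of a rule-1 hit. Droppers usually
            write their helper files within seconds of the main payload, so clustering on
            creation time surfaces related artifacts that carry no company name or signature.
    The window is an assumed value; widen or narrow it per case.
    """
    findings = []
    anchors = []   # (timestamp, path) of rule-1 hits
    entries = []   # (timestamp, kind, company, path) of every parsed file entry

    for raw in log_text.splitlines():
        line = raw.strip()
        ff = FF_EXT_RE.match(line)
        if ff:
            if PER_USER_APPDATA_RE.search(ff.group("path")):
                findings.append(("FF_EXT_IN_PER_USER_APPDATA", ff.group("path")))
                anchors.append((parse_ts(ff.group("ts")), ff.group("path")))
            continue
        fe = FILE_LINE_RE.match(line)
        if fe:
            entries.append((parse_ts(fe.group("ts")), fe.group("kind"),
                            fe.group("company") or "", fe.group("path")))

    for ts, kind, _company, path in entries:
        if kind != "C":          # only creation timestamps are meaningful for clustering
            continue
        for anchor_ts, anchor_path in anchors:
            if path.lower() == anchor_path.lower():
                continue         # the anchor's own directory entry, already reported
            if abs(ts - anchor_ts) <= window:
                findings.append(("CREATED_NEAR_SUSPECT_EXTENSION", path))
                break
    return findings


def otl_files_directive(findings):
    """Render findings in the :Files syntax used in this thread's OTL fix, for review."""
    return ":Files\n" + "\n".join(path for _rule, path in findings) + "\n"


# Lines excerpted from the OTL quick-scan log posted later in this thread.
SAMPLE_LOG = r"""
FF - HKLM\software\mozilla\Firefox\Extensions\\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}: C:\Documents and Settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9} [2010/07/12 22:27:23 | 000,000,000 | ---D | M]
[2010/08/04 23:29:15 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel Broad\Desktop\OTL.exe
[2010/07/12 22:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}
[2010/07/12 22:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\hqtkohwno
[2010/06/26 11:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\qdsvnimkr
[2010/07/12 22:48:01 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/12 22:27:26 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tvuje.dat
[2010/07/12 22:27:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pqakujaneca.bin
[2010/07/20 22:09:13 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tvuje.dat
"""

if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:32} {path}")
    print(otl_files_directive(triage(SAMPLE_LOG)))
```

Files flagged by the clustering rule are candidates, not verdicts: the analyst still checks each one (hashes, signer, whether anything loads it) before it goes into a fix.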
     
  5. 2010/08/06
    lmsj2010
    ========== FILES ==========
    C:\Documents and Settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}\chrome\content\overlay.xul moved successfully.

    OTL by OldTimer - Version 3.2.9.1 log created on 08062010_071408
     
  6. 2010/08/06
    crunchie
    How are things now?
     
  7. 2010/08/06
    lmsj2010
    I am currently doing the OTL quick fix. I probably won't be able to post the results until later this afternoon. Also, the computer seems very slow. The applications seem to take a while to open. Thanks again for your assistance.
     
  8. 2010/08/06
    crunchie
    Have you tried a defragment lately?

    ==

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  9. 2010/08/06
    lmsj2010
    Thanks. I'll run the combo fix later. Do you want me to disconnect my cable modem (internet source) before running combo fix? In your last post it says that combo fix will disconnect the computer during the process and re-connect when completed?
     
  10. 2010/08/06
    crunchie
    Yes please.
     
  11. 2010/08/06
    lmsj2010
    No problem. I'll post the results later today.
     
  12. 2010/08/06
    lmsj2010
    OTL logfile created on: 8/6/2010 7:28:55 AM - Run 4
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Mel Broad\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 235.00 Mb Available Physical Memory | 46.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228.13 Gb Total Space | 70.35 Gb Free Space | 30.84% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive J: | 189.92 Gb Total Space | 44.39 Gb Free Space | 23.37% Space Free | Partition Type: NTFS

    Computer Name: D8JWMJ91
    Current User Name: Mel Broad
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/04 23:29:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel Broad\Desktop\OTL.exe
    PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2009/08/30 23:08:30 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
    PRC - [2009/08/30 23:08:20 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
    PRC - [2009/08/30 23:07:55 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
    PRC - [2009/08/30 23:07:35 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
    PRC - [2009/08/30 23:05:44 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/07/21 17:16:06 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    PRC - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
    PRC - [2008/06/24 20:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    PRC - [2008/06/24 19:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    PRC - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    PRC - [2008/04/28 07:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/04 23:29:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel Broad\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/08/30 23:07:35 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
    SRV - [2009/08/30 23:05:44 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
    SRV - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
    SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
    DRV - [2009/08/30 23:08:25 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/08/30 23:08:23 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/15 10:15:10 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2009/08/15 10:15:10 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2009/08/15 10:15:03 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2009/08/15 10:14:52 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
    DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
    DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
    DRV - [2009/05/02 09:45:16 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
    DRV - [2005/11/16 22:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/08/04 05:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/10/10 05:23:48 | 000,032,640 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
    DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    FF - HKLM\software\mozilla\Firefox\Extensions\\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}: C:\Documents and Settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9} [2010/07/12 22:27:23 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2010/08/05 15:25:30 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Mel Broad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mel Broad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/04/20 23:43:37 | 000,000,059 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/05 15:23:36 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/04 23:29:15 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel Broad\Desktop\OTL.exe
    [2010/08/04 09:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/03 23:57:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mel Broad\Recent
    [2010/07/12 22:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}
    [2010/07/12 22:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\hqtkohwno
    [2010/06/26 11:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\qdsvnimkr
    [2010/05/09 21:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Application Data\Research In Motion
    [2010/05/09 21:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/05/09 21:24:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
    [2010/05/09 21:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
    [2010/05/09 21:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
    [38 C:\Documents and Settings\Mel Broad\My Documents\*.tmp files -> C:\Documents and Settings\Mel Broad\My Documents\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/06 07:20:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/06 07:17:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/06 07:17:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/06 07:17:50 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/06 07:16:35 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\Mel Broad\ntuser.dat
    [2010/08/06 07:16:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mel Broad\ntuser.ini
    [2010/08/06 07:11:49 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
    [2010/08/06 06:40:04 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/08/05 18:09:30 | 062,985,912 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/08/04 23:29:18 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel Broad\Desktop\OTL.exe
    [2010/08/02 20:54:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/01 21:01:00 | 000,223,941 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\Balance2.wks
    [2010/07/25 18:10:32 | 000,018,333 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\Soverign (mbsports44).wks
    [2010/07/21 19:26:50 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Mel Broad\g2mdlhlpx.exe
    [2010/07/20 22:09:13 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tvuje.dat
    [2010/07/20 05:35:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pqakujaneca.bin
    [2010/07/14 22:26:56 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\program policy.wps3.wps
    [2010/07/14 22:26:39 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\program policy.wps2.wps
    [2010/07/12 15:39:14 | 000,023,592 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\sovereign.wks
    [2010/07/06 16:54:25 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Mel Broad\Desktop\Microsoft Office Outlook 2003.lnk
    [2010/06/29 17:11:31 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\throat.doc
    [2010/06/24 16:35:22 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\American Idol contestonts songs top 12.doc
    [2010/06/24 15:57:01 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\American Idol contestonts songs top 11.doc
    [2010/06/24 03:08:40 | 000,507,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/24 03:08:40 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/24 03:08:40 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/23 06:36:52 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Mel Broad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/06/21 23:01:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/06/15 07:56:41 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\What I like that my dad does.doc
    [2010/06/13 16:43:18 | 000,141,667 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\dadfathersday2010.jpg
    [2010/06/13 16:28:08 | 002,819,419 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\Dad2010.jpg
    [2010/06/13 16:22:59 | 000,119,490 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\elliotfathersday2010.jpg
    [2010/06/12 07:37:32 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\the winner of quiet idol 2010 is jake broad.doc
    [2010/06/12 07:35:44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\The winner of quiet is Mel broad.doc
    [2010/06/11 16:22:52 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\The winner of quiet idol 2010 is lisa broad.doc
    [2010/06/11 06:48:32 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/11 04:45:11 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/10 19:43:21 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\3 Qustions using spelling words.doc
    [2010/06/09 16:55:21 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\The winner of quiet idol 2010 is Jake Broa1.doc
    [2010/06/08 19:11:49 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\All of the words for ABC Order.doc
    [2010/06/08 08:50:02 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\vegie chili.doc
    [2010/06/07 19:22:47 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\8 jazzy sentences.doc
    [2010/06/03 20:46:13 | 004,479,558 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\babaO.mp3
    [2010/06/03 14:35:24 | 170,881,748 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\deadpod092608.mp3
    [2010/06/03 14:31:30 | 135,366,921 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\deadpod110708.mp3
    [2010/06/03 14:29:30 | 106,386,020 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\deadpod122608.mp3
    [2010/06/02 17:01:23 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\8 Words for ABC Order.doc
    [2010/06/01 16:07:43 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\4 Jazzy sentences.doc
    [2010/05/31 19:13:12 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\utensils and work suplises.doc
    [2010/05/28 22:00:25 | 138,135,339 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\dead 8-25-72.mp3
    [2010/05/28 18:48:11 | 000,015,439 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\cutting_shapes.pdf
    [2010/05/25 15:02:12 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\butterfly.doc
    [2010/05/24 15:51:25 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\6 Jazzy sentences.doc
    [2010/05/19 15:39:08 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\10 words for ABC order.doc
    [2010/05/18 15:39:35 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\lisa's resume.doc
    [2010/05/17 16:15:53 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\5 Nouns in sentences.doc
    [2010/05/13 15:22:23 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\4 Jazzy senetnces.doc
    [2010/05/09 23:17:27 | 000,000,256 | ---- | M] () -- C:\Documents and Settings\Mel Broad\pool.bin
    [2010/05/09 21:25:19 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
    [2010/05/09 21:14:10 | 271,060,312 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\501_b049_multilanguage.exe
    [38 C:\Documents and Settings\Mel Broad\My Documents\*.tmp files -> C:\Documents and Settings\Mel Broad\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/21 19:26:49 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Mel Broad\g2mdlhlpx.exe
    [2010/07/14 22:26:56 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\program policy.wps3.wps
    [2010/07/12 22:48:01 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/12 22:27:26 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tvuje.dat
    [2010/07/12 22:27:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pqakujaneca.bin
    [2010/06/29 10:58:35 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\throat.doc
    [2010/06/24 15:57:01 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\American Idol contestonts songs top 11.doc
    [2010/06/24 15:42:27 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\American Idol contestonts songs top 12.doc
    [2010/06/15 07:56:40 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\What I like that my dad does.doc
    [2010/06/13 16:43:17 | 000,141,667 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\dadfathersday2010.jpg
    [2010/06/13 16:28:04 | 002,819,419 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\Dad2010.jpg
    [2010/06/13 16:22:59 | 000,119,490 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\elliotfathersday2010.jpg
    [2010/06/12 07:35:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\The winner of quiet is Mel broad.doc
    [2010/06/11 16:20:14 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\The winner of quiet idol 2010 is lisa broad.doc
    [2010/06/10 19:43:20 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\3 Qustions using spelling words.doc
    [2010/06/09 16:54:41 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\The winner of quiet idol 2010 is Jake Broa1.doc
    [2010/06/09 16:47:37 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\the winner of quiet idol 2010 is jake broad.doc
    [2010/06/08 19:11:48 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\All of the words for ABC Order.doc
    [2010/06/07 19:22:46 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\8 jazzy sentences.doc
    [2010/06/07 12:36:14 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\vegie chili.doc
    [2010/06/03 20:46:09 | 004,479,558 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\babaO.mp3
    [2010/06/03 14:33:26 | 170,881,748 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\deadpod092608.mp3
    [2010/06/03 14:31:06 | 135,366,921 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\deadpod110708.mp3
    [2010/06/03 14:29:10 | 106,386,020 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\deadpod122608.mp3
    [2010/06/01 16:07:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\4 Jazzy sentences.doc
    [2010/05/31 19:13:11 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\utensils and work suplises.doc
    [2010/05/28 21:59:35 | 138,135,339 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\dead 8-25-72.mp3
    [2010/05/28 18:47:33 | 000,015,439 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\cutting_shapes.pdf
    [2010/05/25 14:56:31 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\butterfly.doc
    [2010/05/24 15:51:25 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\6 Jazzy sentences.doc
    [2010/05/17 16:15:52 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\5 Nouns in sentences.doc
    [2010/05/13 15:22:23 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\4 Jazzy senetnces.doc
    [2010/05/11 16:26:24 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\8 Words for ABC Order.doc
    [2010/05/10 20:50:39 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2010/05/09 21:37:22 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Mel Broad\pool.bin
    [2010/05/09 21:25:18 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Desktop Manager.lnk
    [2010/05/09 21:13:22 | 271,060,312 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\501_b049_multilanguage.exe
    [2010/04/14 09:06:40 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
    [2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
    [2008/11/21 17:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/06/20 21:50:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
    [2007/06/11 14:24:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
    [2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
    [2006/05/25 17:49:07 | 000,000,613 | ---- | C] () -- C:\WINDOWS\wizards.ini
    [2006/03/08 23:43:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/03/08 23:41:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
    [2006/03/08 20:02:07 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/03/08 18:39:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/02/21 15:24:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/02/21 15:14:57 | 000,000,361 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/02/21 15:11:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/21 14:44:40 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2006/02/21 15:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2007/08/16 19:31:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2010/04/14 11:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2009/08/15 10:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
    [2010/05/09 21:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2009/08/15 09:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
    [2009/08/15 10:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2007/02/02 20:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/06/24 22:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/04/19 21:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/12 11:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/15 22:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/05/15 22:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\dBpoweramp
    [2009/07/23 15:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\IObit
    [2006/09/11 20:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Leadertech
    [2009/07/23 15:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\MSNInstaller
    [2006/03/08 21:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Nikon
    [2010/05/09 21:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Research In Motion
    [2006/03/15 12:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Snapfish
    [2009/10/31 08:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\TweakNow RegCleaner
    [2010/06/24 21:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\uTorrent
    [2007/02/12 10:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Viewpoint

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 372 bytes -> C:\WINDOWS\System32\drivers\pcppnwtq.sys:changelist
    < End of report >
     
  13. 2010/08/06
    lmsj2010 (Inactive Thread Starter)
    ComboFix 10-08-06.01 - Mel Broad 08/06/2010 14:38:04.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.199 [GMT -4:00]
    Running from: c:\documents and settings\Mel Broad\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Mel Broad\g2mdlhlpx.exe
    J:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
    .

    2010-08-05 19:23 . 2010-08-05 19:23 -------- d-----w- C:\_OTL
    2010-08-04 13:25 . 2010-08-04 13:25 -------- d-----w- c:\program files\Common Files\Java
    2010-08-04 11:44 . 2010-08-04 11:44 -------- d-----w- c:\documents and settings\sam broad\Application Data\Research In Motion
    2010-07-14 09:51 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-13 02:27 . 2010-07-21 02:09 120 ----a-w- c:\windows\Tvuje.dat
    2010-07-13 02:27 . 2010-07-20 09:35 0 ----a-w- c:\windows\Pqakujaneca.bin
    2010-07-13 02:27 . 2010-07-13 02:27 -------- d-----w- c:\documents and settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}
    2010-07-13 02:25 . 2010-07-13 02:46 -------- d-----w- c:\documents and settings\Mel Broad\Local Settings\Application Data\hqtkohwno

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-06 11:11 . 2010-05-11 00:50 256 ----a-w- c:\windows\system32\pool.bin
    2010-08-04 13:25 . 2006-02-21 19:03 -------- d-----w- c:\program files\Java
    2010-08-04 10:34 . 2010-08-04 10:34 503808 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-176c4381-n\msvcp71.dll
    2010-08-04 10:34 . 2010-08-04 10:34 499712 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-176c4381-n\jmc.dll
    2010-08-04 10:34 . 2010-08-04 10:34 12800 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-44b1d95d-n\decora-d3d.dll
    2010-08-04 10:34 . 2010-08-04 10:34 61440 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-44b1d95d-n\decora-sse.dll
    2010-08-04 10:34 . 2010-08-04 10:34 348160 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-176c4381-n\msvcr71.dll
    2010-08-03 07:29 . 2010-08-03 07:29 503808 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3c34d76e-n\msvcp71.dll
    2010-08-03 07:29 . 2010-08-03 07:29 12800 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-41af68e3-n\decora-d3d.dll
    2010-08-03 07:29 . 2010-08-03 07:28 61440 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-41af68e3-n\decora-sse.dll
    2010-08-03 07:29 . 2010-08-03 07:28 499712 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3c34d76e-n\jmc.dll
    2010-08-03 07:28 . 2010-08-03 07:28 348160 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3c34d76e-n\msvcr71.dll
    2010-07-21 23:27 . 2006-03-18 17:04 -------- d-----w- c:\program files\Citrix
    2010-07-17 09:00 . 2010-04-21 12:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-17 02:25 . 2008-10-15 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-07-14 14:27 . 2006-03-09 03:23 -------- d-----w- c:\documents and settings\Mel Broad\Application Data\AdobeUM
    2010-06-28 03:04 . 2006-03-11 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-25 01:28 . 2009-05-15 23:57 -------- d-----w- c:\documents and settings\Mel Broad\Application Data\uTorrent
    2010-06-14 14:31 . 2005-08-16 09:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-10 17:46 . 2010-06-10 17:46 503808 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67461809-n\msvcp71.dll
    2010-06-10 17:46 . 2010-06-10 17:46 499712 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67461809-n\jmc.dll
    2010-06-10 17:46 . 2010-06-10 17:46 12800 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ba352da-n\decora-d3d.dll
    2010-06-10 17:46 . 2010-06-10 17:46 61440 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ba352da-n\decora-sse.dll
    2010-06-10 17:46 . 2010-06-10 17:46 348160 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67461809-n\msvcr71.dll
    2010-06-10 11:58 . 2008-12-29 20:30 27632 ----a-w- c:\documents and settings\sam broad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-25 07:26 . 2010-05-25 07:26 503808 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2798bc47-n\msvcp71.dll
    2010-05-25 07:26 . 2010-05-25 07:26 61440 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-167eeb12-n\decora-sse.dll
    2010-05-25 07:26 . 2010-05-25 07:26 499712 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2798bc47-n\jmc.dll
    2010-05-25 07:26 . 2010-05-25 07:26 348160 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2798bc47-n\msvcr71.dll
    2010-05-25 07:26 . 2010-05-25 07:26 12800 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-167eeb12-n\decora-d3d.dll
    2010-05-10 03:17 . 2010-05-10 01:37 256 ----a-w- c:\documents and settings\Mel Broad\pool.bin
    2006-03-10 03:56 . 2006-03-09 00:02 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSKDetectorExe "= "c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
    "AcronisTimounterMonitor "= "c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
    "Seagate Scheduler2 Service "= "c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
    "mxomssmenu "= "c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "BlackBerryAutoUpdate "= "c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-31 03:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
    backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-08-06 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATnotes.exe]
    2005-01-05 20:45 1015808 ----a-w- c:\program files\ATnotes\ATnotes.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2006-10-17 01:40 1197648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
    2008-06-24 23:52 1325848 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-02-21 19:21 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2005-03-23 04:20 339968 ----a-w- c:\windows\stsystra.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications "= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE "=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Documents and Settings\\Mel Broad\\My Documents\\utorrent.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/15/2008 1:51 PM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/15/2008 1:51 PM 108552]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [3/17/2010 9:32 AM 93872]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/5/2009 8:53 AM 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/15/2008 1:51 PM 297752]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.espn.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\j2re1.4.2_03\bin\jusched.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-06 14:50
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(1016)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2010-08-06 14:57:38
    ComboFix-quarantined-files.txt 2010-08-06 18:57
    ComboFix2.txt 2010-04-21 03:16

    Pre-Run: 75,391,492,096 bytes free
    Post-Run: 75,471,994,880 bytes free

    - - End Of File - - 25DD6DF2A4901CC5F684AA354ADAD185
     
  14. 2010/08/06
    crunchie (Inactive)
    Has Combofix been run on this pc before?

    ==

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    KillAll::
    
    File::
    c:\windows\Tvuje.dat
    c:\windows\Pqakujaneca.bin
    c:\documents and settings\Mel Broad\Local Settings\Application Data\hqtkohwno
    c:\documents and settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}
    
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]


    7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    =============

    How is it now?
     
  15. 2010/08/06
    lmsj2010 (Inactive Thread Starter)
    Yes. Combofix has been run on this computer about 3 months ago. I will post the results of the next combofix run later. Thanks.
     
  16. 2010/08/06
    lmsj2010 (Inactive Thread Starter)
    ComboFix 10-08-06.01 - Mel Broad 08/06/2010 17:42:20.6.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.237 [GMT -4:00]
    Running from: c:\documents and settings\Mel Broad\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Mel Broad\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\documents and settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9} "
    "c:\windows\Pqakujaneca.binc:\documents and settings\Mel Broad\Local Settings\Application Data\hqtkohwno "
    "c:\windows\Tvuje.dat "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Tvuje.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
    .

    2010-08-05 19:23 . 2010-08-05 19:23 -------- d-----w- C:\_OTL
    2010-08-04 13:25 . 2010-08-04 13:25 -------- d-----w- c:\program files\Common Files\Java
    2010-08-04 11:44 . 2010-08-04 11:44 -------- d-----w- c:\documents and settings\sam broad\Application Data\Research In Motion
    2010-07-14 09:51 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-13 02:27 . 2010-07-20 09:35 0 ----a-w- c:\windows\Pqakujaneca.bin
    2010-07-13 02:27 . 2010-07-13 02:27 -------- d-----w- c:\documents and settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}
    2010-07-13 02:25 . 2010-07-13 02:46 -------- d-----w- c:\documents and settings\Mel Broad\Local Settings\Application Data\hqtkohwno

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-06 11:11 . 2010-05-11 00:50 256 ----a-w- c:\windows\system32\pool.bin
    2010-08-04 13:25 . 2006-02-21 19:03 -------- d-----w- c:\program files\Java
    2010-07-21 23:27 . 2006-03-18 17:04 -------- d-----w- c:\program files\Citrix
    2010-07-17 09:00 . 2010-04-21 12:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-17 02:25 . 2008-10-15 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-07-14 14:27 . 2006-03-09 03:23 -------- d-----w- c:\documents and settings\Mel Broad\Application Data\AdobeUM
    2010-06-28 03:04 . 2006-03-11 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-25 01:28 . 2009-05-15 23:57 -------- d-----w- c:\documents and settings\Mel Broad\Application Data\uTorrent
    2010-06-10 11:58 . 2008-12-29 20:30 27632 ----a-w- c:\documents and settings\sam broad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-10 03:17 . 2010-05-10 01:37 256 ----a-w- c:\documents and settings\Mel Broad\pool.bin
    2006-03-10 03:56 . 2006-03-09 00:02 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe "= "c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSKDetectorExe "= "c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
    "AcronisTimounterMonitor "= "c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
    "Seagate Scheduler2 Service "= "c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
    "mxomssmenu "= "c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "BlackBerryAutoUpdate "= "c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-31 03:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
    backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-08-06 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATnotes.exe]
    2005-01-05 20:45 1015808 ----a-w- c:\program files\ATnotes\ATnotes.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2006-10-17 01:40 1197648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
    2008-06-24 23:52 1325848 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-02-21 19:21 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2005-03-23 04:20 339968 ----a-w- c:\windows\stsystra.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications "= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE "=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Documents and Settings\\Mel Broad\\My Documents\\utorrent.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-08-31 335240]
    S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-05-02 108552]
    S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-08-05 93872]
    S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-31 908056]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-31 297752]
    S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-24 431384]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-03 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.espn.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-06 17:55
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(1020)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'explorer.exe'(3204)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\mshtml.dll
    c:\windows\IME\SPGRMR.DLL
    c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Maxtor\Sync\SyncServices.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\program files\AVG\AVG8\avgcsrvx.exe
    c:\windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-06 18:21:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-06 22:21
    ComboFix2.txt 2010-08-06 18:57
    ComboFix3.txt 2010-04-21 03:16

    Pre-Run: 75,408,252,928 bytes free
    Post-Run: 75,425,554,432 bytes free

    - - End Of File - - 8086CF52204F50178EA9B7662770AFE9
     
  17. 2010/08/06
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    The computer seems to be faster now. Anything else you would suggest I do to improve performance? (I do defrag weekly).
     
  18. 2010/08/07
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Download and Run ATF Cleaner
    Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

    Double-click ATF Cleaner.exe to open it.

    Under Main choose:
    Windows Temp
    Current User Temp
    All Users Temp
    Cookies
    Temporary Internet Files
    Prefetch
    Java Cache

    *The other boxes are optional*
    Then click the Empty Selected button.

    Firefox:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Opera:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

    Click Exit on the Main menu to close the program.

    ========
     
  19. 2010/08/07
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    I use CCleaner. Is it okay to use them both?
     
  20. 2010/08/07
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    No problem using both, although probably not necessary.

    Can you please do an on-line scan to check for any hangers-on?

    Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on the Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  21. 2010/08/07
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    Tried to run Kaspersky. It stalled after 1 hour and 20 minutes (6% scanned). Although it says scanning in process, nothing is happening.
     
