
Solved Computer running extremely slow.

Discussion in 'Malware and Virus Removal Archive' started by lmsj2010, 2010/08/20.

  1. 2010/08/20
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    [Resolved] Computer running extremely slow.

    The computer has been running very slowly recently. I have to constantly reboot, defrag and use CCleaner to get the computer to work properly. Any help would be greatly appreciated. Thanks in advance!


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 3/8/2006 5:12:20 PM
    System Uptime: 8/20/2010 8:30:44 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0WG261
    Processor: Intel(R) Pentium(R) 4 CPU 3.20GHz | Microprocessor | 3192/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 228 GiB total, 67.609 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (NTFS) - 190 GiB total, 42.861 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1: 8/6/2010 5:37:03 PM - System Checkpoint
    RP2: 8/7/2010 6:28:04 PM - System Checkpoint
    RP3: 8/8/2010 8:02:53 PM - Removed Microsoft Silverlight
    RP4: 8/9/2010 8:09:44 PM - System Checkpoint
    RP5: 8/9/2010 9:13:31 PM - Installed Opera 10.60.
    RP6: 8/9/2010 11:21:36 PM - Removed Opera 10.60.
    RP7: 8/10/2010 11:57:47 PM - System Checkpoint
    RP8: 8/11/2010 3:02:36 AM - Software Distribution Service 3.0
    RP9: 8/12/2010 7:32:20 AM - System Checkpoint
    RP10: 8/13/2010 7:40:52 AM - System Checkpoint
    RP11: 8/14/2010 8:08:43 AM - System Checkpoint
    RP12: 8/15/2010 11:54:25 AM - System Checkpoint
    RP13: 8/16/2010 1:23:44 PM - System Checkpoint
    RP14: 8/17/2010 11:44:48 PM - System Checkpoint
    RP15: 8/19/2010 12:05:44 AM - System Checkpoint
    RP16: 8/20/2010 12:24:22 AM - System Checkpoint

    ==== Installed Programs ======================

    µTorrent
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 6.0.1
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI Control Panel
    ATI Display Driver
    ATnotes Version 9.5
    AutoUpdate
    AVG 8.5
    Banctec Service Agreement
    BlackBerry Desktop Software 5.0.1
    BlackBerry® Media Sync
    Bonjour
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon G.726 WMP-Decoder
    Canon iP1800 series
    Canon iP1800 series User Registration
    Canon MovieEdit Task for ZoomBrowser EX
    Canon My Printer
    Canon PhotoRecord
    Canon PIXMA iP3000
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities CameraWindow
    Canon Utilities CameraWindow DC
    Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    Canon Utilities Easy-LayoutPrint
    Canon Utilities Easy-PhotoPrint
    Canon Utilities EOS Utility
    Canon Utilities MyCamera
    Canon Utilities MyCamera DC
    Canon Utilities PhotoStitch
    Canon Utilities RemoteCapture DC
    Canon Utilities RemoteCapture Task for ZoomBrowser EX
    Canon Utilities ZoomBrowser EX
    Canon ZoomBrowser EX Memory Card Utility
    CCleaner
    Conexant D850 56K V.9x DFVc Modem
    Critical Update for Windows Media Player 11 (KB959772)
    dBpoweramp Music Converter
    dBpoweramp Shorten Codec
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell System Restore
    Digital Content Portal
    Digital Line Detect
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    Easy-WebPrint
    ELIcon
    ESPNMotion
    GemMaster Mystic
    Google
    GoToMeeting 4.5.0.457
    GTOneCare
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HPCarePackCore
    HPCarePackProducts
    HPSSupply
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet for Wired Connections
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Malwarebytes' Anti-Malware
    Maxtor Manager
    MCU
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 4.5
    Microsoft Works Setup Launcher
    Modem Helper
    Mozilla Firefox (3.6.8)
    MrvlUsgTracking
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Musicmatch for Windows Media Player
    Network Magic
    Nikon View 6
    PowerDVD 5.5
    Pure Networks Platform
    QuickTime
    Seagate*DiscWizard
    SeaTools for Windows
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Encoder (KB954156)
    Security Update for Windows Media Encoder (KB979332)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Smart Defrag 1.20
    Sonic Encoders
    Sophos Anti-Rootkit 1.5.0
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Turbo Lister 2
    TweakNow RegCleaner
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URL Assistant
    USB Storage Adapter FX (MXO)
    Viewpoint Media Player
    WebEx Support Manager for Internet Explorer
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live OneCare safety scanner
    Windows Media Encoder 9 Series
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    8/14/2010 8:43:32 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

    ==== End Of File ===========================

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Mel Broad at 21:18:14.15 on Fri 08/20/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.227 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\Documents and Settings\Mel Broad\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.espn.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
    mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe "
    mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [BlackBerryAutoUpdate] c:\program files\common files\research in motion\auto update\RIMAutoUpdate.exe /background
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.snapfish.com/SnapfishActivia.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} - hxxp://picture.vzw.com/activex/VerizonWirelessUploadControl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 relog_ap

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\melbro~1\applic~1\mozilla\firefox\profiles\ylizrc6t.default\
    FF - prefs.js: browser.startup.homepage - www.nytimes.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XULRunner: {8FE38891-27A0-4D48-9ABC-0ED79A2A74D9} - c:\documents and settings\mel broad\local settings\application data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-15 335240]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-15 27784]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-15 108552]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-3-17 93872]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-7-5 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-15 297752]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]

    =============== Created Last 30 ================

    2010-08-06 18:34:12 77312 ----a-w- c:\windows\MBR.exe
    2010-08-06 18:34:12 256512 ----a-w- c:\windows\PEV.exe

    ==================== Find3M ====================

    2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-06-23 12:06:51 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-23 12:06:51 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
    2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-06-17 15:12:57 634656 ------w- c:\windows\system32\dllcache\iexplore.exe
    2010-06-17 15:11:25 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2006-03-10 03:56:54 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-08-20 07:06:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082020080821\index.dat

    ============= FINISH: 21:19:23.15 ===============
     
  2. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log in your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/08/20
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    Here is the first scan. Currently running others. Will post info when finished. Thanks.


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4412

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    8/20/2010 9:47:36 PM
    mbam-log-2010-08-20 (21-47-36).txt

    Scan type: Quick scan
    Objects scanned: 162892
    Time elapsed: 13 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Ok :)
     
  6. 2010/08/21
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    Here is the GMER post. MBR to follow. Thanks.

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-21 06:49:22
    Windows 5.1.2600 Service Pack 3
    Running: 0tzg9b21.exe; Driver: C:\DOCUME~1\MELBRO~1\LOCALS~1\Temp\agloapob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
    AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)

    Device \FileSystem\Fastfat \Fat F7973D20

    ---- EOF - GMER 1.0.15 ----
     
  7. 2010/08/21
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    Ran MBR. Got a message that says "found non standard or infected MBR. Enter Y and hit enter for more options or N to exit". I pressed N to exit. I will wait for your instructions to run again.
     
  8. 2010/08/21
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    Also, my wife just told me that she has been receiving spam emails (re:viagra) from people on her contact list. She uses Gmail.
     
  9. 2010/08/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I need to see MBRCheck log (as instructed).
     
  10. 2010/08/21
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    Here is the log. As I mentioned before, I just answered N and exited the scan.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000003fc

    Kernel Drivers (total 132):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xF8AE7000 \WINDOWS\system32\KDCOM.DLL
    0xF89F7000 \WINDOWS\system32\BOOTVID.dll
    0xF84B8000 ACPI.sys
    0xF8AE9000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF84A7000 pci.sys
    0xF85E7000 isapnp.sys
    0xF8BAF000 pciide.sys
    0xF8867000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF85F7000 MountMgr.sys
    0xF8488000 ftdisk.sys
    0xF8AEB000 dmload.sys
    0xF8462000 dmio.sys
    0xF886F000 PartMgr.sys
    0xF8607000 VolSnap.sys
    0xF844A000 atapi.sys
    0xF8617000 disk.sys
    0xF8627000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF842A000 fltmgr.sys
    0xF8418000 sr.sys
    0xF8637000 PxHelp20.sys
    0xF8401000 KSecDD.sys
    0xF83EE000 WudfPf.sys
    0xF8361000 Ntfs.sys
    0xF8334000 NDIS.sys
    0xF82C9000 timntr.sys
    0xF8270000 tdrpman.sys
    0xF8251000 snapman.sys
    0xF8237000 Mup.sys
    0xF87E7000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF8021000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
    0xF800D000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF7FE5000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xF890F000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF7FC1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF8917000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF7F8D000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
    0xF7F6A000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7E6B000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF7DC4000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF891F000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF7D9E000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0xF87F7000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF8807000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF8927000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0xF8817000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xF8C7E000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF8B17000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xF8827000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF81AA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF7D87000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF8837000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF8847000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF892F000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF7D4E000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF8857000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF8937000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF893F000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF8947000 \SystemRoot\system32\DRIVERS\RimSerial.sys
    0xF7D1E000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xF8657000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF894F000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF8957000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF8B19000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF7CC0000 \SystemRoot\system32\DRIVERS\update.sys
    0xF818E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF8667000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF5B5E000 \SystemRoot\system32\drivers\sthda.sys
    0xF5B3A000 \SystemRoot\system32\drivers\portcls.sys
    0xF8697000 \SystemRoot\system32\drivers\drmk.sys
    0xF816E000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xF86B7000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF8B1D000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF81E2000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF8B21000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8D0F000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8B23000 \SystemRoot\System32\Drivers\Beep.SYS
    0xF5A84000 \SystemRoot\system32\drivers\SBREDrv.sys
    0xF8967000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xF896F000 \SystemRoot\System32\drivers\vga.sys
    0xF8B25000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8B27000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xF8977000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xF897F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xF81D6000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xF5A29000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xF59D0000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xF59B7000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xF5991000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF8707000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xF5969000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xF5947000 \SystemRoot\System32\drivers\afd.sys
    0xF8717000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xF591C000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xF58AC000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF8737000 \SystemRoot\System32\Drivers\Fips.SYS
    0xF81BA000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF8747000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xF8987000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xF585B000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xF898F000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xF8997000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xF899F000 \SystemRoot\system32\DRIVERS\MXOFX.SYS
    0xF7D7F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xF7D7B000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xF8797000 \SystemRoot\system32\DRIVERS\mxopswd.sys
    0xF87C7000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xF5753000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xF8B65000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xF57D7000 \SystemRoot\System32\drivers\Dxapi.sys
    0xF88AF000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8C15000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\ati2dvag.dll
    0xBF049000 \SystemRoot\System32\ati2cqag.dll
    0xBF07D000 \SystemRoot\System32\atikvmag.dll
    0xBF0B2000 \SystemRoot\System32\ati3duag.dll
    0xBF2F4000 \SystemRoot\System32\ativvaxx.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xF8787000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
    0xF363F000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xF88E7000 \SystemRoot\system32\DRIVERS\pnarp.sys
    0xF88F7000 \SystemRoot\system32\DRIVERS\purendis.sys
    0xF3306000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF345B000 \SystemRoot\system32\drivers\sysaudio.sys
    0xF3013000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xF2F0A000 \SystemRoot\System32\Drivers\HTTP.sys
    0xF2D4B000 \SystemRoot\system32\DRIVERS\srv.sys
    0xF2DBE000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 51):
    0 System Idle Process
    4 System
    884 C:\WINDOWS\system32\smss.exe
    936 csrss.exe
    964 C:\WINDOWS\system32\winlogon.exe
    1008 C:\WINDOWS\system32\services.exe
    1020 C:\WINDOWS\system32\lsass.exe
    1196 C:\WINDOWS\system32\ati2evxx.exe
    1212 C:\WINDOWS\system32\svchost.exe
    1308 svchost.exe
    1404 C:\WINDOWS\system32\svchost.exe
    1436 C:\WINDOWS\system32\svchost.exe
    1540 svchost.exe
    1660 svchost.exe
    1892 C:\WINDOWS\system32\spoolsv.exe
    516 C:\WINDOWS\explorer.exe
    592 svchost.exe
    628 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    492 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    900 C:\Program Files\Bonjour\mDNSResponder.exe
    240 C:\WINDOWS\ehome\ehrecvr.exe
    1428 C:\WINDOWS\ehome\ehSched.exe
    1568 C:\Program Files\Java\jre6\bin\jqs.exe
    1688 C:\Program Files\Maxtor\Sync\SyncServices.exe
    440 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    300 C:\Program Files\AVG\AVG8\avgrsx.exe
    868 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    2028 C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    2108 svchost.exe
    2120 C:\WINDOWS\system32\svchost.exe
    2280 C:\PROGRA~1\AVG\AVG8\avgemc.exe
    2400 mcrdsvc.exe
    2552 HP1006MC.EXE
    2560 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    2704 C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    2760 C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    2800 C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    2876 C:\Program Files\iTunes\iTunesHelper.exe
    2944 C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    2996 C:\Program Files\AVG\AVG8\avgcsrvx.exe
    3004 C:\Program Files\Canon\CAL\CALMAIN.exe
    3020 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3116 C:\WINDOWS\system32\ctfmon.exe
    2536 C:\WINDOWS\system32\dllhost.exe
    668 C:\Program Files\iPod\bin\iPodService.exe
    3440 alg.exe
    3144 C:\WINDOWS\system32\svchost.exe
    1824 C:\Program Files\Internet Explorer\iexplore.exe
    528 C:\Program Files\ATnotes\ATnotes.exe
    2888 C:\WINDOWS\system32\notepad.exe
    3820 C:\Documents and Settings\Mel Broad\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
    \\.\J: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500JS-75NCB1, Rev: 10.02E01
    PhysicalDrive5 Model Number: MaxtorOneTouch II, Rev: 023g

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E
    189 GB \\.\PhysicalDrive5 Unknown MBR code
    SHA1: AEE69AA7E7B8C162057AA1360AD4B0C5EC89E893


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
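Reading the MBRCheck table above programmatically, as an added example that is not part of this thread or of MBRCheck itself: the parser below (with assumed names parse_mbrcheck, triage and needs_followup, and a sample input constructed from the drive, volume and model lines of the posted log) pulls out each physical disk, the drive letters mapped onto it, its model and the SHA1 of its boot code, and marks disks whose boot code MBRCheck did not recognise for follow-up rather than declaring them infected. The trusted_sha1 list is a hypothetical analyst input, not something MBRCheck provides.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the volume map, model lines and MBR table in the
# layout MBRCheck 1.2.3 prints, with the values from the log posted above.
SAMPLE_REPORT = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00 (NTFS)
\\.\J: --> \\.\PhysicalDrive5 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500JS-75NCB1, Rev: 10.02E01
PhysicalDrive5 Model Number: MaxtorOneTouch II, Rev: 023g

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E
189 GB \\.\PhysicalDrive5 Unknown MBR code
SHA1: AEE69AA7E7B8C162057AA1360AD4B0C5EC89E893

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
"""

VOLUME_RE = re.compile(r"^\\\\\.\\([A-Z]):\s+-->\s+\\\\\.\\(PhysicalDrive\d+)")
MODEL_RE = re.compile(r"^(PhysicalDrive\d+) Model Number:\s*(.+?),\s*Rev:\s*(\S+)")
DRIVE_RE = re.compile(r"^(\d+)\s*GB\s+\\\\\.\\(PhysicalDrive\d+)\s+(.+?)\s*$")
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})\s*$")


@dataclass
class Drive:
    device: str            # e.g. "PhysicalDrive5"
    size_gb: int
    status: str            # MBRCheck's verdict text for the boot code
    sha1: str = ""         # SHA1 of the boot sector as MBRCheck reports it
    model: str = ""
    volumes: list = field(default_factory=list)  # drive letters on this disk


def parse_mbrcheck(text):
    """Parse MBRCheck's volume map, model lines and MBR status table."""
    drives, volumes, models = {}, {}, {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := VOLUME_RE.match(line):
            volumes.setdefault(m.group(2), []).append(m.group(1))
        elif m := MODEL_RE.match(line):
            models[m.group(1)] = f"{m.group(2)} (Rev {m.group(3)})"
        elif m := DRIVE_RE.match(line):
            current = Drive(device=m.group(2), size_gb=int(m.group(1)), status=m.group(3))
            drives[current.device] = current
        elif (m := SHA1_RE.match(line)) and current is not None:
            # The SHA1 line always directly follows the drive line it belongs to.
            current.sha1 = m.group(1).upper()
            current = None
    for dev, drive in drives.items():
        drive.volumes = volumes.get(dev, [])
        drive.model = models.get(dev, "")
    return list(drives.values())


def triage(drives, trusted_sha1=frozenset()):
    """Return one (device, verdict, reason) tuple per physical disk.

    MBRCheck names boot code it recognises ("Dell MBR code detected",
    "Windows XP MBR code detected"); everything else is "Unknown MBR code".
    Unknown is not proof of infection (vendor tools and disk utilities write
    their own boot code), so unknown disks are marked for review, and an
    analyst may pass hashes already verified as benign in trusted_sha1
    (hypothetical input, not part of MBRCheck).
    """
    trusted = {h.upper() for h in trusted_sha1}
    findings = []
    for d in drives:
        if d.sha1 and d.sha1 in trusted:
            findings.append((d.device, "ok", "boot code hash on analyst trust list"))
        elif d.status.endswith("MBR code detected"):
            findings.append((d.device, "ok", d.status))
        else:
            findings.append((d.device, "review", f"{d.status}; SHA1 {d.sha1 or 'n/a'}"))
    return findings


def needs_followup(findings):
    """Devices whose boot code still has to be examined before any rewrite."""
    return [dev for dev, verdict, _ in findings if verdict == "review"]


if __name__ == "__main__":
    parsed = parse_mbrcheck(SAMPLE_REPORT)
    for d, (dev, verdict, reason) in zip(parsed, triage(parsed)):
        letters = ",".join(d.volumes) or "-"
        print(f"{dev:15} {d.size_gb:4} GB  vol {letters:3} {d.model:30} {verdict:7} {reason}")
    print("follow up on:", needs_followup(triage(parsed)))
```

Run on the sample, the internal Dell disk (C:) comes back "ok" and the external Maxtor disk (J:) comes back "review", which is the row that led the tool to print its "non-standard or infected MBR" prompt. The per-disk SHA1 is the useful part for a helper: it can be compared against boot code already known to be benign before deciding whether the sector should be rewritten at all.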
  11. 2010/08/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  12. 2010/08/21
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    ComboFix 10-08-21.01 - Mel Broad 08/21/2010 19:45:14.7.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.213 [GMT -4:00]
    Running from: c:\documents and settings\Mel Broad\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    J:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
    .

    2010-08-10 18:34 . 2010-08-10 18:34 -------- d-----w- c:\documents and settings\Mel Broad\Local Settings\Application Data\Mozilla
    2010-08-10 01:14 . 2010-08-10 01:14 -------- d-----w- c:\documents and settings\Mel Broad\Local Settings\Application Data\Opera
    2010-08-08 23:37 . 2010-08-08 23:37 -------- d-----w- c:\documents and settings\Mel Broad\Local Settings\Application Data\Temp
    2010-08-04 13:25 . 2010-08-04 13:25 -------- d-----w- c:\program files\Common Files\Java
    2010-08-04 11:44 . 2010-08-04 11:44 -------- d-----w- c:\documents and settings\sam broad\Application Data\Research In Motion

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-21 22:17 . 2006-03-09 03:23 -------- d-----w- c:\documents and settings\Mel Broad\Application Data\AdobeUM
    2010-08-20 02:30 . 2010-05-11 00:50 256 ----a-w- c:\windows\system32\pool.bin
    2010-08-11 20:46 . 2009-05-20 18:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-11 20:15 . 2008-12-29 20:30 27632 ----a-w- c:\documents and settings\sam broad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-10 18:56 . 2008-11-06 14:38 -------- d-----w- c:\program files\CCleaner
    2010-08-08 20:32 . 2006-03-09 00:02 27632 ----a-w- c:\documents and settings\Mel Broad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-04 13:25 . 2006-02-21 19:03 -------- d-----w- c:\program files\Java
    2010-08-04 10:34 . 2010-08-04 10:34 503808 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-176c4381-n\msvcp71.dll
    2010-08-04 10:34 . 2010-08-04 10:34 499712 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-176c4381-n\jmc.dll
    2010-08-04 10:34 . 2010-08-04 10:34 12800 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-44b1d95d-n\decora-d3d.dll
    2010-08-04 10:34 . 2010-08-04 10:34 61440 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-44b1d95d-n\decora-sse.dll
    2010-08-04 10:34 . 2010-08-04 10:34 348160 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-176c4381-n\msvcr71.dll
    2010-08-03 07:29 . 2010-08-03 07:29 503808 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3c34d76e-n\msvcp71.dll
    2010-08-03 07:29 . 2010-08-03 07:29 12800 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-41af68e3-n\decora-d3d.dll
    2010-08-03 07:29 . 2010-08-03 07:28 61440 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-41af68e3-n\decora-sse.dll
    2010-08-03 07:29 . 2010-08-03 07:28 499712 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3c34d76e-n\jmc.dll
    2010-08-03 07:28 . 2010-08-03 07:28 348160 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3c34d76e-n\msvcr71.dll
    2010-07-21 23:27 . 2006-03-18 17:04 -------- d-----w- c:\program files\Citrix
    2010-07-20 09:35 . 2010-07-13 02:27 0 ----a-w- c:\windows\Pqakujaneca.bin
    2010-07-17 09:00 . 2010-04-21 12:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-17 02:25 . 2008-10-15 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-06-30 12:31 . 2005-08-16 09:18 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-28 03:04 . 2006-03-11 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-25 01:28 . 2009-05-15 23:57 -------- d-----w- c:\documents and settings\Mel Broad\Application Data\uTorrent
    2010-06-24 12:15 . 2005-08-16 09:18 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:15 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:15 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll
    2010-06-23 13:44 . 2005-08-16 09:18 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2006-02-21 18:43 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2005-08-16 09:18 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2005-08-16 09:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2005-08-16 09:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-10 17:46 . 2010-06-10 17:46 503808 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67461809-n\msvcp71.dll
    2010-06-10 17:46 . 2010-06-10 17:46 499712 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67461809-n\jmc.dll
    2010-06-10 17:46 . 2010-06-10 17:46 12800 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ba352da-n\decora-d3d.dll
    2010-06-10 17:46 . 2010-06-10 17:46 61440 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ba352da-n\decora-sse.dll
    2010-06-10 17:46 . 2010-06-10 17:46 348160 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67461809-n\msvcr71.dll
    2010-05-25 07:26 . 2010-05-25 07:26 503808 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2798bc47-n\msvcp71.dll
    2010-05-25 07:26 . 2010-05-25 07:26 61440 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-167eeb12-n\decora-sse.dll
    2010-05-25 07:26 . 2010-05-25 07:26 499712 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2798bc47-n\jmc.dll
    2010-05-25 07:26 . 2010-05-25 07:26 348160 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2798bc47-n\msvcr71.dll
    2010-05-25 07:26 . 2010-05-25 07:26 12800 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-167eeb12-n\decora-d3d.dll
    2006-03-10 03:56 . 2006-03-09 00:02 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSKDetectorExe "= "c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "igfxtray "= "c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
    "igfxhkcmd "= "c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
    "igfxpers "= "c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
    "AcronisTimounterMonitor "= "c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
    "Seagate Scheduler2 Service "= "c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
    "mxomssmenu "= "c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "BlackBerryAutoUpdate "= "c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-31 03:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
    backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-08-06 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATnotes.exe]
    2005-01-05 20:45 1015808 ----a-w- c:\program files\ATnotes\ATnotes.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2006-10-17 01:40 1197648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
    2008-06-24 23:52 1325848 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-02-21 19:21 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2005-03-23 04:20 339968 ----a-w- c:\windows\stsystra.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)
    "DisableNotifications "= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE "=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe "=
    "c:\\Program Files\\uTorrent\\uTorrent.exe "=
    "c:\\Documents and Settings\\Mel Broad\\My Documents\\utorrent.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/15/2008 1:51 PM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/15/2008 1:51 PM 108552]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [3/17/2010 9:32 AM 93872]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/5/2009 8:53 AM 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/15/2008 1:51 PM 297752]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-08-09 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-23 13:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.espn.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    FF - ProfilePath - c:\documents and settings\Mel Broad\Application Data\Mozilla\Firefox\Profiles\ylizrc6t.default\
    FF - prefs.js: browser.startup.homepage - www.nytimes.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: XULRunner: {8FE38891-27A0-4D48-9ABC-0ED79A2A74D9} - c:\documents and settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-21 19:57
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(1020)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2010-08-21 20:04:33
    ComboFix-quarantined-files.txt 2010-08-22 00:04

    Pre-Run: 72,524,140,544 bytes free
    Post-Run: 72,530,616,320 bytes free

    - - End Of File - - 99F7F4F30F44851A877F1C601618782A
     
  13. 2010/08/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Not much there...

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\Pqakujaneca.bin
    
    DDS::
    uInternet Settings,ProxyOverride = <local>
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"=dword:00000001
    "DisableNotifications"=dword:00000000
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and antimalware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  14. 2010/08/21
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    ComboFix 10-08-21.01 - Mel Broad 08/21/2010 20:35:48.8.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.294 [GMT -4:00]
    Running from: c:\documents and settings\Mel Broad\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Mel Broad\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FILE ::
    "c:\windows\Pqakujaneca.bin"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\Pqakujaneca.bin

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
    .

    2010-08-10 18:34 . 2010-08-10 18:34 -------- d-----w- c:\documents and settings\Mel Broad\Local Settings\Application Data\Mozilla
    2010-08-10 01:14 . 2010-08-10 01:14 -------- d-----w- c:\documents and settings\Mel Broad\Local Settings\Application Data\Opera
    2010-08-08 23:37 . 2010-08-08 23:37 -------- d-----w- c:\documents and settings\Mel Broad\Local Settings\Application Data\Temp
    2010-08-04 13:25 . 2010-08-04 13:25 -------- d-----w- c:\program files\Common Files\Java
    2010-08-04 11:44 . 2010-08-04 11:44 -------- d-----w- c:\documents and settings\sam broad\Application Data\Research In Motion

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-21 22:17 . 2006-03-09 03:23 -------- d-----w- c:\documents and settings\Mel Broad\Application Data\AdobeUM
    2010-08-20 02:30 . 2010-05-11 00:50 256 ----a-w- c:\windows\system32\pool.bin
    2010-08-11 20:46 . 2009-05-20 18:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-11 20:15 . 2008-12-29 20:30 27632 ----a-w- c:\documents and settings\sam broad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-10 18:56 . 2008-11-06 14:38 -------- d-----w- c:\program files\CCleaner
    2010-08-08 20:32 . 2006-03-09 00:02 27632 ----a-w- c:\documents and settings\Mel Broad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-04 13:25 . 2006-02-21 19:03 -------- d-----w- c:\program files\Java
    2010-08-04 10:34 . 2010-08-04 10:34 503808 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-176c4381-n\msvcp71.dll
    2010-08-04 10:34 . 2010-08-04 10:34 499712 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-176c4381-n\jmc.dll
    2010-08-04 10:34 . 2010-08-04 10:34 12800 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-44b1d95d-n\decora-d3d.dll
    2010-08-04 10:34 . 2010-08-04 10:34 61440 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-44b1d95d-n\decora-sse.dll
    2010-08-04 10:34 . 2010-08-04 10:34 348160 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-176c4381-n\msvcr71.dll
    2010-08-03 07:29 . 2010-08-03 07:29 503808 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3c34d76e-n\msvcp71.dll
    2010-08-03 07:29 . 2010-08-03 07:29 12800 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-41af68e3-n\decora-d3d.dll
    2010-08-03 07:29 . 2010-08-03 07:28 61440 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-41af68e3-n\decora-sse.dll
    2010-08-03 07:29 . 2010-08-03 07:28 499712 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3c34d76e-n\jmc.dll
    2010-08-03 07:28 . 2010-08-03 07:28 348160 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3c34d76e-n\msvcr71.dll
    2010-07-21 23:27 . 2006-03-18 17:04 -------- d-----w- c:\program files\Citrix
    2010-07-17 09:00 . 2010-04-21 12:36 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-17 02:25 . 2008-10-15 17:51 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2010-06-30 12:31 . 2005-08-16 09:18 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-28 03:04 . 2006-03-11 04:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-06-25 01:28 . 2009-05-15 23:57 -------- d-----w- c:\documents and settings\Mel Broad\Application Data\uTorrent
    2010-06-24 12:15 . 2005-08-16 09:18 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:15 . 2005-08-16 09:18 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:15 . 2005-08-16 09:18 17408 ------w- c:\windows\system32\corpol.dll
    2010-06-23 13:44 . 2005-08-16 09:18 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2006-02-21 18:43 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2005-08-16 09:18 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2005-08-16 09:40 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-14 07:41 . 2005-08-16 09:18 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-10 17:46 . 2010-06-10 17:46 503808 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67461809-n\msvcp71.dll
    2010-06-10 17:46 . 2010-06-10 17:46 499712 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67461809-n\jmc.dll
    2010-06-10 17:46 . 2010-06-10 17:46 12800 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ba352da-n\decora-d3d.dll
    2010-06-10 17:46 . 2010-06-10 17:46 61440 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6ba352da-n\decora-sse.dll
    2010-06-10 17:46 . 2010-06-10 17:46 348160 ----a-w- c:\documents and settings\sam broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-67461809-n\msvcr71.dll
    2010-05-25 07:26 . 2010-05-25 07:26 503808 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2798bc47-n\msvcp71.dll
    2010-05-25 07:26 . 2010-05-25 07:26 61440 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-167eeb12-n\decora-sse.dll
    2010-05-25 07:26 . 2010-05-25 07:26 499712 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2798bc47-n\jmc.dll
    2010-05-25 07:26 . 2010-05-25 07:26 348160 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2798bc47-n\msvcr71.dll
    2010-05-25 07:26 . 2010-05-25 07:26 12800 ----a-w- c:\documents and settings\Mel Broad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-167eeb12-n\decora-d3d.dll
    2006-03-10 03:56 . 2006-03-09 00:02 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
    "AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
    "Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
    "mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-31 03:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk
    backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-08-06 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATnotes.exe]
    2005-01-05 20:45 1015808 ----a-w- c:\program files\ATnotes\ATnotes.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2006-10-17 01:40 1197648 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscWizardMonitor.exe]
    2008-06-24 23:52 1325848 ----a-w- c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-02-23 21:19 53248 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
    2005-09-29 19:01 67584 ----a-w- c:\windows\ehome\ehtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2006-02-21 19:21 169472 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2005-06-10 15:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-03-26 05:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2005-03-23 04:20 339968 ----a-w- c:\windows\stsystra.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\Mel Broad\\My Documents\\utorrent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/15/2008 1:51 PM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/15/2008 1:51 PM 108552]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [3/17/2010 9:32 AM 93872]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/5/2009 8:53 AM 908056]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/15/2008 1:51 PM 297752]
    R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.espn.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    FF - ProfilePath - c:\documents and settings\Mel Broad\Application Data\Mozilla\Firefox\Profiles\ylizrc6t.default\
    FF - prefs.js: browser.startup.homepage - www.nytimes.com
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: XULRunner: {8FE38891-27A0-4D48-9ABC-0ED79A2A74D9} - c:\documents and settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-21 20:45
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(1020)
    c:\windows\system32\relog_ap.dll
    .
    Completion time: 2010-08-21 20:52:16
    ComboFix-quarantined-files.txt 2010-08-22 00:52
    ComboFix2.txt 2010-08-22 00:04

    Pre-Run: 72,539,918,336 bytes free
    Post-Run: 72,515,248,128 bytes free

    - - End Of File - - DE785D560D7BD04B4840030AC92DF8C5
     
  15. 2010/08/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    =============================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2010/08/21
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    Hello,

    I am unable to remove combofix from my computer. I tried 3 times with no luck.
     
  17. 2010/08/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Delete Combofix manually....
    Delete the Combofix and Qoobox folders, and the Combofix.txt file, from C:
    Delete Combofix from your desktop
     
  18. 2010/08/21
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    OTL logfile created on: 8/21/2010 10:51:54 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Mel Broad\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 267.00 Mb Available Physical Memory | 52.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228.13 Gb Total Space | 67.58 Gb Free Space | 29.63% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive J: | 189.92 Gb Total Space | 42.86 Gb Free Space | 22.57% Space Free | Partition Type: NTFS

    Computer Name: D8JWMJ91
    Current User Name: Mel Broad
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/21 21:21:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel Broad\Desktop\OTL.exe
    PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/11/19 22:29:16 | 000,623,960 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2009/08/30 23:08:30 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
    PRC - [2009/08/30 23:08:20 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
    PRC - [2009/08/30 23:07:55 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
    PRC - [2009/08/30 23:07:35 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
    PRC - [2009/08/30 23:05:44 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/07/21 17:16:06 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
    PRC - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
    PRC - [2008/06/24 20:06:22 | 000,904,768 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
    PRC - [2008/06/24 19:56:52 | 000,136,472 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
    PRC - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
    PRC - [2008/04/28 07:14:00 | 000,073,728 | ---- | M] (Software 2000 Limited) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/21 21:21:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel Broad\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/08/30 23:07:35 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
    SRV - [2009/08/30 23:05:44 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
    SRV - [2008/06/24 19:56:38 | 000,431,384 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
    SRV - [2007/01/31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\MELBRO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2009/08/30 23:08:25 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/08/30 23:08:23 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/15 10:15:10 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2009/08/15 10:15:10 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2009/08/15 10:15:03 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
    DRV - [2009/08/15 10:14:52 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
    DRV - [2009/08/05 15:58:40 | 000,093,872 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
    DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
    DRV - [2009/05/02 09:45:16 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
    DRV - [2005/11/16 22:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/08/04 05:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/11/17 22:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 22:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 22:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/10/10 05:23:48 | 000,032,640 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MXOFX.SYS -- (MXOFX) USB Storage Adapter FX (MXO)
    DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
    DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.espn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.nytimes.com "
    FF - prefs.js..extensions.enabledItems: {8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}:1.9.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1 "
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}: C:\Documents and Settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9} [2010/07/12 22:27:23 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/10 14:34:16 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/10 14:33:46 | 000,000,000 | ---D | M]

    [2010/08/10 14:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Mozilla\Extensions
    [2010/08/17 20:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Mozilla\Firefox\Profiles\ylizrc6t.default\extensions
    [2010/08/10 14:44:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mel Broad\Application Data\Mozilla\Firefox\Profiles\ylizrc6t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/10 14:33:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/08/21 20:45:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} http://picture.vzw.com/activex/VerizonWirelessUploadControl.cab (Verizon Wireless Media Upload)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Mel Broad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mel Broad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/08/21 21:11:53 | 000,000,059 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/21 22:44:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/21 21:43:46 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/08/21 21:22:15 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mel Broad\Desktop\OTL.exe
    [2010/08/21 19:41:27 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/08/21 19:41:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/08/21 19:41:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/08/21 19:41:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/08/20 21:03:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Mel Broad\Recent
    [2010/08/10 14:54:35 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Mel Broad\My Documents\ccsetup234.exe
    [2010/08/10 14:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\Mozilla
    [2010/08/10 14:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Application Data\Mozilla
    [2010/08/10 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/08/09 21:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\Opera
    [2010/08/09 21:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Application Data\Opera
    [2010/08/09 21:12:03 | 010,835,784 | ---- | C] (Opera Software ASA) -- C:\Documents and Settings\Mel Broad\My Documents\Opera_1060_en_Setup.exe
    [2010/08/08 19:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\Temp
    [2010/08/06 17:51:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/08/04 09:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/12 22:27:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\{8FE38891-27A0-4D48-9ABC-0ED79A2A74D9}
    [2010/07/12 22:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\hqtkohwno
    [2010/06/26 11:18:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\qdsvnimkr
    [38 C:\Documents and Settings\Mel Broad\My Documents\*.tmp files -> C:\Documents and Settings\Mel Broad\My Documents\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/21 21:52:16 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/21 21:50:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/21 21:50:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/21 21:50:42 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/21 21:49:08 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\Mel Broad\ntuser.dat
    [2010/08/21 21:49:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mel Broad\ntuser.ini
    [2010/08/21 21:48:30 | 000,000,347 | ---- | M] () -- C:\Start_.cmd
    [2010/08/21 21:21:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mel Broad\Desktop\OTL.exe
    [2010/08/21 20:45:56 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/21 20:45:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/21 18:44:52 | 063,689,248 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/08/20 21:38:58 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Mel Broad\Desktop\MBRCheck.exe
    [2010/08/20 21:38:37 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mel Broad\Desktop\0tzg9b21.exe
    [2010/08/20 20:50:40 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Mel Broad\Desktop\dds.scr
    [2010/08/20 20:15:47 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\manual ebay.doc
    [2010/08/19 23:19:47 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/08/19 22:44:17 | 000,224,741 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\Balance2.wks
    [2010/08/19 22:44:17 | 000,019,591 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\Soverign (mbsports44).wks
    [2010/08/19 22:30:45 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
    [2010/08/18 13:35:52 | 000,023,749 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\sovereign.wks
    [2010/08/16 20:54:15 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/11 16:46:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/11 04:33:37 | 000,136,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/11 03:46:59 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/11 03:31:10 | 000,507,752 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/11 03:31:10 | 000,445,790 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/11 03:31:10 | 000,072,996 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/10 14:56:17 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Mel Broad\Desktop\CCleaner.lnk
    [2010/08/10 14:54:42 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Mel Broad\My Documents\ccsetup234.exe
    [2010/08/10 14:33:50 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Mel Broad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/10 14:33:50 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/08/09 21:12:13 | 010,835,784 | ---- | M] (Opera Software ASA) -- C:\Documents and Settings\Mel Broad\My Documents\Opera_1060_en_Setup.exe
    [2010/08/08 16:32:25 | 000,027,632 | ---- | M] () -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/07/14 22:26:56 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\program policy.wps3.wps
    [2010/07/14 22:26:39 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\program policy.wps2.wps
    [2010/07/06 16:54:25 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Mel Broad\Desktop\Microsoft Office Outlook 2003.lnk
    [2010/06/29 17:11:31 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\throat.doc
    [2010/06/24 16:35:22 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\American Idol contestonts songs top 12.doc
    [2010/06/24 15:57:01 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\American Idol contestonts songs top 11.doc
    [2010/06/23 06:36:52 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Mel Broad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2010/06/21 23:01:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/06/15 07:56:41 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\What I like that my dad does.doc
    [2010/06/13 16:43:18 | 000,141,667 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\dadfathersday2010.jpg
    [2010/06/13 16:28:08 | 002,819,419 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\Dad2010.jpg
    [2010/06/13 16:22:59 | 000,119,490 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\elliotfathersday2010.jpg
    [2010/06/12 07:37:32 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\the winner of quiet idol 2010 is jake broad.doc
    [2010/06/12 07:35:44 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\The winner of quiet is Mel broad.doc
    [2010/06/11 16:22:52 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\The winner of quiet idol 2010 is lisa broad.doc
    [2010/06/10 19:43:21 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\3 Qustions using spelling words.doc
    [2010/06/09 16:55:21 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\The winner of quiet idol 2010 is Jake Broa1.doc
    [2010/06/08 19:11:49 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\All of the words for ABC Order.doc
    [2010/06/08 08:50:02 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\vegie chili.doc
    [2010/06/07 19:22:47 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\8 jazzy sentences.doc
    [2010/06/03 20:46:13 | 004,479,558 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\babaO.mp3
    [2010/06/03 14:35:24 | 170,881,748 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\deadpod092608.mp3
    [2010/06/03 14:31:30 | 135,366,921 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\deadpod110708.mp3
    [2010/06/03 14:29:30 | 106,386,020 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\deadpod122608.mp3
    [2010/06/02 17:01:23 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\8 Words for ABC Order.doc
    [2010/06/01 16:07:43 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\4 Jazzy sentences.doc
    [2010/05/31 19:13:12 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\utensils and work suplises.doc
    [2010/05/28 22:00:25 | 138,135,339 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\dead 8-25-72.mp3
    [2010/05/28 18:48:11 | 000,015,439 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\cutting_shapes.pdf
    [2010/05/25 15:02:12 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\butterfly.doc
    [2010/05/24 15:51:25 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Mel Broad\My Documents\6 Jazzy sentences.doc
    [38 C:\Documents and Settings\Mel Broad\My Documents\*.tmp files -> C:\Documents and Settings\Mel Broad\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/21 21:48:30 | 000,000,347 | ---- | C] () -- C:\Start_.cmd
    [2010/08/21 19:41:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/08/21 19:41:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/08/21 19:41:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/08/21 06:59:54 | 534,925,312 | -HS- | C] () -- C:\hiberfil.sys
    [2010/08/20 21:38:56 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Mel Broad\Desktop\MBRCheck.exe
    [2010/08/20 21:38:35 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mel Broad\Desktop\0tzg9b21.exe
    [2010/08/20 20:51:04 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Mel Broad\Desktop\dds.scr
    [2010/08/20 19:37:34 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\manual ebay.doc
    [2010/08/10 14:33:50 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Mel Broad\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/10 14:33:50 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/08/06 14:34:12 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/08/06 14:34:12 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/07/14 22:26:56 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\program policy.wps3.wps
    [2010/06/29 10:58:35 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\throat.doc
    [2010/06/24 15:57:01 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\American Idol contestonts songs top 11.doc
    [2010/06/24 15:42:27 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\American Idol contestonts songs top 12.doc
    [2010/06/15 07:56:40 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\What I like that my dad does.doc
    [2010/06/13 16:43:17 | 000,141,667 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\dadfathersday2010.jpg
    [2010/06/13 16:28:04 | 002,819,419 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\Dad2010.jpg
    [2010/06/13 16:22:59 | 000,119,490 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\elliotfathersday2010.jpg
    [2010/06/12 07:35:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\The winner of quiet is Mel broad.doc
    [2010/06/11 16:20:14 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\The winner of quiet idol 2010 is lisa broad.doc
    [2010/06/10 19:43:20 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\3 Qustions using spelling words.doc
    [2010/06/09 16:54:41 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\The winner of quiet idol 2010 is Jake Broa1.doc
    [2010/06/09 16:47:37 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\the winner of quiet idol 2010 is jake broad.doc
    [2010/06/08 19:11:48 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\All of the words for ABC Order.doc
    [2010/06/07 19:22:46 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\8 jazzy sentences.doc
    [2010/06/07 12:36:14 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\vegie chili.doc
    [2010/06/03 20:46:09 | 004,479,558 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\babaO.mp3
    [2010/06/03 14:33:26 | 170,881,748 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\deadpod092608.mp3
    [2010/06/03 14:31:06 | 135,366,921 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\deadpod110708.mp3
    [2010/06/03 14:29:10 | 106,386,020 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\deadpod122608.mp3
    [2010/06/01 16:07:43 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\4 Jazzy sentences.doc
    [2010/05/31 19:13:11 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\utensils and work suplises.doc
    [2010/05/28 21:59:35 | 138,135,339 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\dead 8-25-72.mp3
    [2010/05/28 18:47:33 | 000,015,439 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\cutting_shapes.pdf
    [2010/05/25 14:56:31 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\butterfly.doc
    [2010/05/24 15:51:25 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Mel Broad\My Documents\6 Jazzy sentences.doc
    [2010/04/14 09:06:40 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/04/12 20:25:12 | 000,012,708 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aB6G3tn
    [2010/04/12 20:25:11 | 000,012,708 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\aB6G3tn
    [2010/04/12 17:37:09 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7ubjhJ.dat
    [2009/10/10 19:39:46 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
    [2008/11/21 17:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
    [2008/11/21 17:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
    [2008/11/21 17:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/06/20 21:50:47 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HPPLVS.dll
    [2007/06/11 14:24:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\hppatusg01.dll
    [2007/05/13 19:58:44 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\resourceGeneric.dll
    [2006/11/03 23:05:36 | 000,002,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/05/25 17:49:07 | 000,000,613 | ---- | C] () -- C:\WINDOWS\wizards.ini
    [2006/03/14 12:19:32 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/03/08 23:43:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/03/08 23:41:52 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
    [2006/03/08 20:02:07 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/03/08 18:39:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/03/08 18:12:35 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Mel Broad\Local Settings\Application Data\fusioncache.dat
    [2006/02/21 15:24:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/02/21 15:14:57 | 000,000,361 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/02/21 15:11:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/21 14:44:40 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2006/02/21 15:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2007/08/16 19:31:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2010/04/14 11:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2009/08/15 10:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
    [2010/05/09 21:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2009/08/15 09:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RetroExp
    [2009/08/15 10:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2007/02/02 20:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/06/24 22:17:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2010/04/19 21:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/12 11:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/05/15 22:56:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/05/15 22:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\dBpoweramp
    [2009/07/23 15:35:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\IObit
    [2006/09/11 20:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Leadertech
    [2009/07/23 15:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\MSNInstaller
    [2006/03/08 21:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Nikon
    [2010/08/09 21:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Opera
    [2010/05/09 21:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Research In Motion
    [2006/03/15 12:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Snapfish
    [2009/10/31 08:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\TweakNow RegCleaner
    [2010/06/24 21:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\uTorrent
    [2007/02/12 10:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Viewpoint

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/09/12 08:17:00 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2010/04/17 21:40:38 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/02/21 14:51:54 | 000,006,619 | RH-- | M] () -- C:\dell.sdr
    [2010/08/21 21:50:42 | 534,925,312 | -HS- | M] () -- C:\hiberfil.sys
    [2006/03/08 20:45:49 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2006/02/21 15:14:47 | 000,000,839 | -H-- | M] () -- C:\IPH.PH
    [2010/04/21 23:57:00 | 000,000,285 | ---- | M] () -- C:\JavaRa.log
    [2010/04/29 19:30:51 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/20 00:12:05 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/21 21:50:41 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2009/06/19 23:05:01 | 000,000,286 | ---- | M] () -- C:\post.log
    [2010/08/21 21:48:30 | 000,000,347 | ---- | M] () -- C:\Start_.cmd
    [2006/02/21 15:14:56 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2004/06/15 01:00:00 | 000,017,920 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD61.DLL
    [2006/11/06 01:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8O.DLL
    [2004/06/15 01:00:00 | 000,054,272 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP61.DLL
    [2006/11/06 01:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8O.DLL
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2008/04/28 07:14:02 | 000,293,888 | ---- | M] (Hewlett-Packard ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1006S.DLL
    [2007/04/09 14:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2005/08/16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2005/08/16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2005/08/16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 372 bytes -> C:\WINDOWS\System32\drivers\pcppnwtq.sys:changelist
    < End of report >
     
  19. 2010/08/21
    lmsj2010

    lmsj2010 Inactive Thread Starter

    OTL Extras logfile created on: 8/21/2010 10:51:54 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Mel Broad\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 267.00 Mb Available Physical Memory | 52.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 65.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 228.13 Gb Total Space | 67.58 Gb Free Space | 29.63% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive J: | 189.92 Gb Total Space | 42.86 Gb Free Space | 22.57% Space Free | Partition Type: NTFS

    Computer Name: D8JWMJ91
    Current User Name: Mel Broad
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\HP1006MC.EXE:*:Enabled:SMLMProxy Module - HP1006MC.EXE -- (Software 2000 Limited)
    "C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Mel Broad\My Documents\utorrent.exe" = C:\Documents and Settings\Mel Broad\My Documents\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series" = Canon iP1800 series
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
    "{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
    "{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
    "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
    "{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
    "{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate*DiscWizard
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}" = Canon PhotoRecord
    "{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ATI Display Driver" = ATI Display Driver
    "ATnotes_is1" = ATnotes Version 9.5
    "AVG8Uninstall" = AVG 8.5
    "BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
    "CAL" = Canon Camera Access Library
    "CameraWindowDC" = Canon Utilities CameraWindow DC
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
    "Canon iP1800 series User Registration" = Canon iP1800 series User Registration
    "CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
    "CanonMyPrinter" = Canon My Printer
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "CSCLIB" = Canon Camera Support Core Library
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "dBpoweramp Shorten Codec" = dBpoweramp Shorten Codec
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "Easy-WebPrint" = Easy-WebPrint
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "EOS Utility" = Canon Utilities EOS Utility
    "ESPNMotion" = ESPNMotion
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MXOFX" = USB Storage Adapter FX (MXO)
    "MyCamera" = Canon Utilities MyCamera
    "MyCameraDC" = Canon Utilities MyCamera DC
    "Network MagicUninstall" = Network Magic
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PhotoStitch" = Canon Utilities PhotoStitch
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureDC" = Canon Utilities RemoteCapture DC
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Smart Defrag_is1" = Smart Defrag 1.20
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "TweakNow RegCleaner_is1" = TweakNow RegCleaner
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works" = Microsoft Works 4.5
    "Works99Setup" = Microsoft Works Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457
    "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
    "uTorrent" = µTorrent

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/14/2010 8:40:52 PM | Computer Name = D8JWMJ91 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.17080, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/15/2010 2:16:00 PM | Computer Name = D8JWMJ91 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.17080, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/15/2010 10:01:48 PM | Computer Name = D8JWMJ91 | Source = Bonjour Service | ID = 100
    Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 8/16/2010 2:54:16 PM | Computer Name = D8JWMJ91 | Source = Application Error | ID = 1000
    Description = Faulting application avgnsx.exe, version 8.5.0.401, faulting module
    avgxpl.dll, version 8.5.0.401, fault address 0x00021592.

    Error - 8/18/2010 7:39:59 AM | Computer Name = D8JWMJ91 | Source = Application Error | ID = 1000
    Description = Faulting application avgnsx.exe, version 8.5.0.401, faulting module
    avgxpl.dll, version 8.5.0.401, fault address 0x00021592.

    Error - 8/18/2010 2:58:13 PM | Computer Name = D8JWMJ91 | Source = Bonjour Service | ID = 100
    Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 8/18/2010 10:54:13 PM | Computer Name = D8JWMJ91 | Source = Bonjour Service | ID = 100
    Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 8/18/2010 10:58:15 PM | Computer Name = D8JWMJ91 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.17080, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/19/2010 10:33:16 PM | Computer Name = D8JWMJ91 | Source = Bonjour Service | ID = 100
    Description = 400: ERROR: read_msg errno 10054 (An existing connection was forcibly
    closed by the remote host.)

    Error - 8/20/2010 2:22:57 PM | Computer Name = D8JWMJ91 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 7.0.6000.17080, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 8/20/2010 10:03:47 PM | Computer Name = D8JWMJ91 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

    Error - 8/20/2010 10:03:49 PM | Computer Name = D8JWMJ91 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 8/20/2010 10:03:59 PM | Computer Name = D8JWMJ91 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 8/21/2010 6:45:25 AM | Computer Name = D8JWMJ91 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 8/21/2010 6:47:00 AM | Computer Name = D8JWMJ91 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 8/21/2010 6:47:57 AM | Computer Name = D8JWMJ91 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 8/21/2010 6:48:29 AM | Computer Name = D8JWMJ91 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 8/21/2010 6:49:48 AM | Computer Name = D8JWMJ91 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 8/21/2010 6:50:40 AM | Computer Name = D8JWMJ91 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 8/21/2010 6:51:32 AM | Computer Name = D8JWMJ91 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


    < End of report >
     
  20. 2010/08/21
    broni

    broni Moderator Malware Analyst

    Your computer could definitely use another 512MB of RAM.

    Also, AVG is a known resource hog, so it may slow your computer down, as well.

    ==================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      [38 C:\Documents and Settings\Mel Broad\My Documents\*.tmp files -> C:\Documents and Settings\Mel Broad\My Documents\*.tmp -> ]
      [2010/04/12 20:25:12 | 000,012,708 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\aB6G3tn
      [2010/04/12 20:25:11 | 000,012,708 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\aB6G3tn
      [2010/04/12 17:37:09 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\7ubjhJ.dat
      [2007/02/02 20:02:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2007/02/12 10:04:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mel Broad\Application Data\Viewpoint
      @Alternate Data Stream - 372 bytes -> C:\WINDOWS\System32\drivers\pcppnwtq.sys:changelist
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
       "EnableFirewall" = dword:00000001
       "DisableNotifications" = dword:00000000
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  21. 2010/08/21
    lmsj2010

    lmsj2010 Inactive Thread Starter

    Joined:
    2010/04/17
    Messages:
    96
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 8.5
    GTOneCare
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date Spybot installed!
    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    TweakNow RegCleaner
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.53.64
    Adobe Reader 6.0.1
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
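The checkup.txt above is what a helper reads first to decide whether the patch level is the real problem: here it flags Internet Explorer 7, Adobe Reader 6.0.1 and an old Spybot, all of which are well past their update dates for August 2010. The parser below is an added example, not something from the thread or from Security Check itself; it splits the report into its sections, records the dotted product versions it finds, and answers the firewall, antivirus and DNS questions directly. The sample input is the report posted above, rebuilt line by line so the tool's backtick separator rows can be generated rather than typed into this listing.

```python
import re

SEP = "`" * 30  # Security Check separates its sections with a row of backticks

# Constructed sample: the checkup.txt posted above, reassembled line by line so
# the report's backtick rows do not have to appear literally in this listing.
SAMPLE_CHECKUP = "\n".join([
    "Results of screen317's Security Check version 0.99.5",
    "Windows XP Service Pack 3",
    "Internet Explorer 7 Out of date!",
    SEP,
    "Antivirus/Firewall Check:",
    "",
    "Windows Firewall Enabled!",
    "AVG 8.5",
    "GTOneCare",
    "Antivirus up to date!",
    SEP,
    "Anti-malware/Other Utilities Check:",
    "",
    "Out of date Spybot installed!",
    "Malwarebytes' Anti-Malware",
    "HijackThis 2.0.2",
    "CCleaner",
    "TweakNow RegCleaner",
    "Java(TM) 6 Update 21",
    "Adobe Flash Player 10.1.53.64",
    "Adobe Reader 6.0.1",
    "Out of date Adobe Reader installed!",
    "Mozilla Firefox (3.6.8)",
    SEP,
    "Process Check:",
    "objlist.exe by Laurent",
    "",
    "AVG avgwdsvc.exe",
    "AVG avgrsx.exe",
    "AVG avgnsx.exe",
    "AVG avgemc.exe",
    SEP,
    "DNS Vulnerability Check:",
    "",
    "GREAT! (Not vulnerable to DNS cache poisoning)",
    "",
    "`" * 10 + "End of Log" + "`" * 12,
])

TOOL_RE = re.compile(r"^Results of .*Security Check version (?P<version>[\d.]+)$")
SECTION_RE = re.compile(r"^(?P<name>.+?) Check:$")
# "<product> <x.y[.z...]>" or "<product> (<x.y>)".  The version must be dotted,
# so a bare "Service Pack 3" or "Internet Explorer 7" is not taken for one.
VERSION_RE = re.compile(r"^(?P<product>[A-Za-z][^()]*?)\s*\(?(?P<version>\d+(?:\.\d+)+)\)?$")


def parse_checkup(text: str) -> dict:
    """Turn checkup.txt into sections, product versions and out-of-date warnings."""
    report = {"tool_version": None, "sections": {"Header": []}, "versions": {}, "warnings": []}
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blank lines, separator rows and the trailer.
        if not line or set(line) == {"`"} or "End of Log" in line:
            continue
        m = TOOL_RE.match(line)
        if m:
            report["tool_version"] = m["version"]
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["name"]
            report["sections"][section] = []
            continue
        report["sections"][section].append(line)
        if "Out of date" in line:
            report["warnings"].append((section, line))
        m = VERSION_RE.match(line)
        if m:
            report["versions"][m["product"]] = m["version"]
    return report


def triage(report: dict) -> dict:
    """The yes/no answers a helper looks for first, plus the out-of-date list."""
    av = report["sections"].get("Antivirus/Firewall", [])
    dns = report["sections"].get("DNS Vulnerability", [])
    return {
        "firewall_enabled": any(l.endswith("Firewall Enabled!") for l in av),
        "antivirus_up_to_date": "Antivirus up to date!" in av,
        "dns_cache_poisoning_vulnerable": not any("Not vulnerable" in l for l in dns),
        "out_of_date": [line for _, line in report["warnings"]],
    }


if __name__ == "__main__":
    parsed = parse_checkup(SAMPLE_CHECKUP)
    print(parsed["versions"])
    print(triage(parsed))
```

The versions dictionary is the part worth keeping from a report like this one: an outdated reader or browser plugin is the usual route for the drive-by infections these threads clean up, so the list of installed versions is what decides the "update these before anything else" advice that normally closes the thread.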
     
