
Solved Browser redirect

Discussion in 'Malware and Virus Removal Archive' started by madmax, 2010/08/20.

  1. 2010/08/20
    madmax

    madmax Inactive Thread Starter

    Joined:
    2010/08/15
    Messages:
    11
    Likes Received:
    0
    [Resolved] Browser redirect

    Firefox has been opening random tabs to ad sites, and both it and Chrome redirect Google results to other pages. Also, I am unable to post here from that computer, although that may be unrelated, as I've never tried to post here before.


    DDS:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Owner at 7:50:05.06 on Fri 08/20/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.819 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\WINDOWS\system32\ZuneBusEnum.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\TuxGuitar-Jet\tuxguitar.exe
    C:\Program Files\TuxGuitar-Jet\tuxguitar.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Owner\Application Data\U3\0001E670D283268C\LaunchPad.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.mystart.com?pr=oovoo2_2
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Updater For ooVoo Toolbar: {442ae524-eba5-4b17-82f3-888d68bc999a} - c:\program files\oovootb\auxi\oovooAu.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
    BHO: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: @c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
    TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US /HIDEBL
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1423.0\mswinext.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268171542000
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\lff59mrf.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://en.wikipedia.org/wiki/Main_Page
    FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\msn toolbar\platform\5.0.1423.0\npwinext.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.selectedEngine - Google
    FF - user.js: browser.search.order.1 - Google
    FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-8 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-4 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-4 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-4 243024]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-8-4 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-8-4 308136]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355416]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-19 136176]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-11 15008]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]

    ============== File Associations ===============

    regfile="regedit.exe" "%1"

    =============== Created Last 30 ================

    2010-08-17 00:25:57 0 d-----w- c:\program files\Audacity
    2010-08-16 13:21:40 0 d-----w- c:\program files\NCH Software
    2010-08-16 13:21:30 0 d-----w- c:\docume~1\owner\applic~1\NCH Software
    2010-08-15 14:56:15 0 d-----w- c:\program files\Trend Micro
    2010-08-13 19:26:40 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-08-11 01:41:10 0 d-----w- c:\docume~1\owner\applic~1\ooVoo Details
    2010-08-11 01:41:00 0 d-----w- c:\docume~1\alluse~1\applic~1\EmailNotifier
    2010-08-11 01:40:58 0 d-----w- c:\docume~1\owner\applic~1\oovootb
    2010-08-11 01:40:57 0 d-----w- c:\program files\oovootb
    2010-08-11 01:40:42 0 d-----w- c:\program files\ooVoo
    2010-08-11 01:30:46 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-08-11 01:26:42 0 d-----r- c:\program files\Skype
    2010-08-10 23:49:14 0 d-----w- c:\program files\Amazon
    2010-08-10 23:41:04 0 d-----w- c:\program files\Firaxis Games
    2010-08-10 23:35:38 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2010-08-10 16:00:37 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-09 18:31:07 719872 ----a-w- c:\windows\system32\devil.dll
    2010-08-09 18:31:07 70656 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-08-09 18:31:07 70656 ----a-w- c:\windows\system32\i420vfw.dll
    2010-08-09 18:31:07 369152 ----a-w- c:\windows\system32\avisynth.dll
    2010-08-09 18:31:07 27648 ----a-w- c:\windows\system32\AVSredirect.dll
    2010-08-09 18:31:07 0 d-----w- c:\program files\AviSynth 2.5
    2010-08-09 18:30:43 0 d-----w- c:\program files\eRightSoft
    2010-08-08 20:58:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-08 18:49:49 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-08-08 18:49:48 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-08 18:38:26 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-08 18:38:08 0 d-----w- c:\program files\Lavasoft
    2010-08-08 13:49:19 0 d-----w- c:\program files\TuxGuitar-Jet
    2010-08-07 19:44:59 0 d-----w- c:\windows\system32\wbem\Repository
    2010-08-07 16:13:06 5 ----a-w- C:\zrpt.xml
    2010-08-07 16:11:36 0 d-----w- C:\$AVG
    2010-08-07 16:10:54 0 d-----w- c:\docume~1\owner\applic~1\F43D3944A08E4B1661C012E9507C2B58
    2010-08-04 19:22:02 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-08-04 19:22:00 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-08-04 19:21:56 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-08-04 19:21:52 0 d-----w- c:\windows\system32\drivers\Avg
    2010-07-24 16:48:19 0 d-----w- c:\docume~1\owner\applic~1\Uniblue
    2010-07-24 16:46:47 0 d-----w- c:\docume~1\owner\applic~1\OpenCandy
    2010-07-24 16:46:35 1554944 ----a-w- c:\windows\system32\vorbis.acm
    2010-07-24 16:46:25 0 d-----w- c:\program files\VstPlugins
    2010-07-24 16:46:24 0 d-----w- c:\program files\Outsim
    2010-07-24 16:45:08 0 d-----w- c:\program files\Image-Line
    2010-07-24 16:36:29 0 d-----w- c:\docume~1\owner\applic~1\Propellerhead Software
    2010-07-24 16:36:29 0 d-----w- c:\docume~1\alluse~1\applic~1\Propellerhead Software

    ==================== Find3M ====================

    2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

    ============= FINISH: 7:51:28.51 ===============




    Attach:
     
  2. 2010/08/20
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    Please post the Attach log content. You posted the DDS log twice.
     

  4. 2010/08/20
    madmax

    madmax Inactive Thread Starter

    Joined:
    2010/08/15
    Messages:
    11
    Likes Received:
    0
    Oops, sorry about that.



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/9/2010 1:57:24 PM
    System Uptime: 8/19/2010 12:45:08 PM (19 hours ago)

    Motherboard: Dell Inc. | | 0CT017
    Processor: Intel(R) Core(TM)2 CPU 6420 @ 2.13GHz | Microprocessor | 2128/1066mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 298 GiB total, 130.387 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    F: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP86: 5/22/2010 10:11:38 AM - System Checkpoint
    RP87: 5/23/2010 11:45:35 AM - System Checkpoint
    RP88: 5/24/2010 4:05:49 PM - System Checkpoint
    RP89: 5/25/2010 5:48:51 PM - System Checkpoint
    RP90: 5/26/2010 6:03:05 AM - Software Distribution Service 3.0
    RP91: 5/27/2010 6:21:18 AM - System Checkpoint
    RP92: 5/29/2010 12:44:28 PM - System Checkpoint
    RP93: 5/30/2010 2:35:06 PM - System Checkpoint
    RP94: 5/31/2010 3:22:54 PM - System Checkpoint
    RP95: 6/1/2010 4:16:27 PM - System Checkpoint
    RP96: 6/2/2010 8:55:29 AM - Avg Update
    RP97: 6/3/2010 9:31:24 AM - System Checkpoint
    RP98: 6/4/2010 6:30:57 PM - System Checkpoint
    RP99: 6/5/2010 9:11:06 PM - System Checkpoint
    RP100: 6/8/2010 6:10:34 PM - System Checkpoint
    RP101: 6/9/2010 6:12:23 PM - System Checkpoint
    RP102: 6/10/2010 8:48:18 PM - System Checkpoint
    RP103: 6/11/2010 6:35:16 AM - Software Distribution Service 3.0
    RP104: 6/12/2010 7:11:03 AM - System Checkpoint
    RP105: 6/13/2010 8:05:52 AM - System Checkpoint
    RP106: 6/14/2010 8:23:54 AM - System Checkpoint
    RP107: 6/15/2010 12:17:16 PM - System Checkpoint
    RP108: 6/16/2010 12:19:42 PM - System Checkpoint
    RP109: 6/17/2010 1:08:29 PM - System Checkpoint
    RP110: 6/17/2010 4:34:39 PM - Software Distribution Service 3.0
    RP111: 6/17/2010 4:35:00 PM - Installed Zune 4.2
    RP112: 6/17/2010 4:41:08 PM - Installed Windows XP Wudf01009.
    RP113: 6/17/2010 4:42:05 PM - Installed Windows XP winusb0100.
    RP114: 6/18/2010 5:37:02 PM - System Checkpoint
    RP115: 6/19/2010 7:38:05 PM - System Checkpoint
    RP116: 6/21/2010 9:08:18 AM - System Checkpoint
    RP117: 6/22/2010 10:35:57 AM - System Checkpoint
    RP118: 6/23/2010 11:00:39 AM - System Checkpoint
    RP119: 6/24/2010 7:51:31 AM - Software Distribution Service 3.0
    RP120: 6/25/2010 7:58:57 AM - System Checkpoint
    RP121: 6/25/2010 9:13:04 AM - Avg Update
    RP122: 6/26/2010 11:08:22 AM - Software Distribution Service 3.0
    RP123: 6/27/2010 12:23:39 PM - System Checkpoint
    RP124: 6/28/2010 12:44:26 PM - System Checkpoint
    RP125: 6/29/2010 1:06:18 PM - System Checkpoint
    RP126: 6/30/2010 1:43:08 PM - System Checkpoint
    RP127: 7/1/2010 3:31:31 PM - System Checkpoint
    RP128: 7/3/2010 1:36:14 PM - System Checkpoint
    RP129: 7/4/2010 2:10:43 PM - System Checkpoint
    RP130: 7/5/2010 2:12:21 PM - System Checkpoint
    RP131: 7/6/2010 6:01:14 PM - System Checkpoint
    RP132: 7/7/2010 6:50:22 PM - System Checkpoint
    RP133: 7/8/2010 7:25:39 PM - System Checkpoint
    RP134: 7/9/2010 8:23:33 PM - System Checkpoint
    RP135: 7/10/2010 9:14:26 PM - System Checkpoint
    RP136: 7/12/2010 8:29:11 AM - System Checkpoint
    RP137: 7/13/2010 10:43:20 AM - System Checkpoint
    RP138: 7/14/2010 11:26:50 AM - System Checkpoint
    RP139: 7/15/2010 6:01:05 AM - Software Distribution Service 3.0
    RP140: 7/15/2010 9:13:22 AM - Avg Update
    RP141: 7/15/2010 9:14:59 AM - Avg Update
    RP142: 7/16/2010 9:35:26 AM - System Checkpoint
    RP143: 7/17/2010 10:44:33 AM - System Checkpoint
    RP144: 7/18/2010 11:12:40 AM - System Checkpoint
    RP145: 7/19/2010 1:29:14 PM - System Checkpoint
    RP146: 7/19/2010 9:07:39 PM - Removed AVG Free 9.0
    RP147: 7/19/2010 9:08:44 PM - Installed AVG Free 9.0
    RP148: 7/20/2010 10:33:35 PM - System Checkpoint
    RP149: 7/22/2010 8:50:20 AM - System Checkpoint
    RP150: 7/23/2010 9:50:55 AM - System Checkpoint
    RP151: 7/24/2010 10:26:05 AM - System Checkpoint
    RP152: 7/25/2010 10:38:01 AM - System Checkpoint
    RP153: 7/26/2010 11:10:09 AM - System Checkpoint
    RP154: 7/27/2010 11:24:13 AM - System Checkpoint
    RP155: 7/28/2010 12:00:35 PM - System Checkpoint
    RP156: 7/29/2010 2:04:00 PM - System Checkpoint
    RP157: 7/30/2010 2:53:54 PM - System Checkpoint
    RP158: 7/31/2010 3:52:29 PM - System Checkpoint
    RP159: 8/1/2010 4:15:53 PM - System Checkpoint
    RP160: 8/2/2010 5:08:57 PM - System Checkpoint
    RP161: 8/3/2010 5:09:24 PM - System Checkpoint
    RP162: 8/4/2010 7:44:40 AM - Software Distribution Service 3.0
    RP163: 8/4/2010 3:19:16 PM - Installed AVG Free 9.0
    RP164: 8/5/2010 7:07:43 AM - Avg Update
    RP165: 8/6/2010 7:37:20 AM - System Checkpoint
    RP166: 8/7/2010 9:28:34 AM - System Checkpoint
    RP167: 8/7/2010 3:44:36 PM - Restore Operation
    RP168: 8/8/2010 9:55:27 AM - Restore Operation
    RP169: 8/8/2010 1:46:52 PM - Restore Operation
    RP170: 8/9/2010 3:44:37 PM - System Checkpoint
    RP171: 8/10/2010 11:59:42 AM - Installed Java(TM) 6 Update 21
    RP172: 8/10/2010 7:35:29 PM - Installed DirectX 9.0
    RP173: 8/10/2010 7:41:06 PM - Installed Sid Meier's Civilization 4
    RP174: 8/10/2010 7:57:59 PM - Configured Sid Meier's Civilization 4
    RP175: 8/10/2010 8:02:14 PM - Installed Sid Meier's Civilization 4 - Warlords
    RP176: 8/10/2010 8:39:32 PM - Installed DirectX
    RP177: 8/10/2010 8:40:40 PM - Configured Sid Meier's Civilization 4
    RP178: 8/10/2010 8:42:01 PM - Configured Sid Meier's Civilization 4 - Warlords
    RP179: 8/10/2010 8:42:43 PM - Installed Sid Meier's Civilization 4 - Beyond the Sword
    RP180: 8/11/2010 9:25:07 PM - System Checkpoint
    RP181: 8/13/2010 8:26:01 AM - System Checkpoint
    RP182: 8/14/2010 8:38:58 AM - System Checkpoint
    RP183: 8/15/2010 8:54:00 AM - System Checkpoint
    RP184: 8/15/2010 10:54:15 AM - Installed DirectX
    RP185: 8/15/2010 10:54:38 AM - Installed Sid Meier's Civilization 4 - Beyond the Sword
    RP186: 8/16/2010 12:25:13 PM - System Checkpoint
    RP187: 8/19/2010 9:02:58 AM - System Checkpoint

    ==== Installed Programs ======================

    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    AIM 7
    Alien Swarm
    Amazon MP3 Downloader 1.0.10
    Audacity 1.2.6
    AVG Free 9.0
    Bing Bar
    Bing Bar Platform
    BlueJ 2.5.3
    ClassicPro© v1.14
    Combat Mission Shock Force
    Debut Video Capture Software
    Download Updater (AOL LLC)
    Exact Audio Copy 0.99pb5
    FL Studio 9
    foobar2000 v1.0.2.1
    Galactic Civilizations II
    Galactic Civilizations II - Gold Edition
    GalCiv II - Dark Avatar
    Google Chrome
    Google Earth
    Google Update Helper
    Half-Life 2
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Half-Life 2: Lost Coast
    High Definition Audio Driver Package - KB835221
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB932716-v2)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    IL Download Manager
    Impulse
    Intel(R) PRO Network Connections Drivers
    Java Auto Updater
    Java DB 10.5.3.0
    Java(TM) 6 Update 21
    Java(TM) SE Development Kit 6 Update 18
    Linksys Wireless-G PCI Adapter
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Default Manager
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.9
    Microsoft Visual C++ 2005 Redistributable
    Microsoft WinUsb 1.0
    Mozilla Firefox (3.6.8)
    Mp3tag v2.46a
    NVIDIA Drivers
    ooVoo
    ooVoo Toolbar (Remove Toolbar Only)
    OpenOffice.org 3.2
    PoiZone
    Portal
    Python 3.1.1
    Sawer
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization 4 - Warlords
    SigmaTel Audio
    Skype Toolbars
    Skype™ 4.2
    Spybot - Search & Destroy
    Stardock Central
    Steam
    SUPER © Version 2010.bld.38 (May 2, 2010)
    Team Fortress 2
    Toxic Biohazard
    TuxGuitar 1.2
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB978506)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update for Windows XP (KB978207)
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 1.0.5
    Vuze
    WebFldrs XP
    Winamp
    Winamp Detector Plug-in
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live ID Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    Zune
    Zune Language Pack (DE)
    Zune Language Pack (ES)
    Zune Language Pack (FR)
    Zune Language Pack (IT)

    ==== Event Viewer Messages From Past Week ========

    8/15/2010 9:03:35 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/15/2010 8:48:37 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/14/2010 12:38:29 PM, error: Dhcp [1002] - The IP address lease 192.168.2.102 for the Network Card with network address 001C10E34B14 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    8/14/2010 11:35:58 AM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.

    ==== End Of File ===========================
     
  5. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    STEP 1. Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt


    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.


    STEP 3. Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. 2010/08/22
    madmax

    madmax Inactive Thread Starter

    Joined:
    2010/08/15
    Messages:
    11
    Likes Received:
    0
    Here's the MBAM log:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4455

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/20/2010 8:36:28 PM
    mbam-log-2010-08-20 (20-36-28).txt

    Scan type: Quick scan
    Objects scanned: 138578
    Time elapsed: 12 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 1
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

    Folders Infected:
    C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.

    Files Infected:
    C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> No action taken.
    C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> No action taken.


    I had some problems with GMER. I ran it, then when I came back to the computer, the window had closed, so I couldn't save the log. This happened twice, so I tried in safe mode. This worked, but it did not find a lot of things it found fairly early on when not in safe mode. Anyway, here's the log from it running in safe mode:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-21 22:07:33
    Windows 5.1.2600 Service Pack 3
    Running: k52m1bbl.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxkdafob.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

    ---- EOF - GMER 1.0.15 ----

    And here's the MBRCheck log:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 109):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA0B8000 MountMgr.sys
    0xB9F49000 ftdisk.sys
    0xBA328000 PartMgr.sys
    0xBA0C8000 VolSnap.sys
    0xB9E8B000 iaStor.sys
    0xBA330000 cercsr6.sys
    0xB9E73000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
    0xBA0D8000 disk.sys
    0xBA0E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9E53000 fltmgr.sys
    0xB9E41000 sr.sys
    0xBA0F8000 Lbd.sys
    0xBA108000 PxHelp20.sys
    0xB9E2A000 KSecDD.sys
    0xB9E13000 WudfPf.sys
    0xB9D86000 Ntfs.sys
    0xB9D59000 NDIS.sys
    0xB9D3F000 Mup.sys
    0xBA318000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB8878000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB8864000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB8826000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xBA408000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB8802000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA410000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB87DA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB8783000 \SystemRoot\system32\DRIVERS\RT61.sys
    0xBA128000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xBA138000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xBA148000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB8760000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA6D4000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA158000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xBA56C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB8749000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xBA168000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xBA178000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA418000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB8738000 \SystemRoot\system32\DRIVERS\psched.sys
    0xBA188000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA420000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA428000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB8F76000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA430000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA438000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA5F6000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB86DA000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA578000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB8F66000 \SystemRoot\system32\DRIVERS\zumbus.sys
    0xB8F56000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xB8669000 \SystemRoot\System32\Drivers\wdf01000.sys
    0xBA298000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB0F7F000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xBA5D8000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xB014A000 \SystemRoot\system32\drivers\sthda.sys
    0xB0126000 \SystemRoot\system32\drivers\portcls.sys
    0xB0F6F000 \SystemRoot\system32\drivers\drmk.sys
    0xBA5DC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xB04A4000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5E4000 \SystemRoot\System32\Drivers\Beep.SYS
    0xB1242000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB0611000 \SystemRoot\System32\drivers\vga.sys
    0xBA5E6000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5E8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xB0609000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xB0601000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB19F9000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB19F1000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xB075B000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xAC9E0000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xABCC3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xAA688000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xAA62F000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xAA5F5000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xAA5CF000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xABF1B000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xAA5A7000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xAA585000 \SystemRoot\System32\drivers\afd.sys
    0xABF0B000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xAA55A000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xAA4EA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xABEFB000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB05D1000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xAA4B6000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xBA2D8000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xAA3F8000 \SystemRoot\System32\Drivers\dump_iastor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB0636000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB0282000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA7F1000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xB125A000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0xABCBB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xAA03B000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xA9FFE000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB7495000 \SystemRoot\system32\drivers\sysaudio.sys
    0xA9D98000 \SystemRoot\system32\DRIVERS\srv.sys
    0xA9587000 \SystemRoot\System32\Drivers\HTTP.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 50):
    0 System Idle Process
    4 System
    652 C:\WINDOWS\system32\smss.exe
    716 csrss.exe
    740 C:\WINDOWS\system32\winlogon.exe
    788 C:\WINDOWS\system32\services.exe
    800 C:\WINDOWS\system32\lsass.exe
    972 C:\WINDOWS\system32\svchost.exe
    1044 svchost.exe
    1088 C:\WINDOWS\system32\svchost.exe
    1132 C:\WINDOWS\system32\svchost.exe
    1196 svchost.exe
    1292 svchost.exe
    1356 C:\Program Files\AVG\AVG9\avgchsvx.exe
    1364 C:\Program Files\AVG\AVG9\avgrsx.exe
    1500 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    1584 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    1924 C:\WINDOWS\system32\spoolsv.exe
    160 C:\WINDOWS\explorer.exe
    212 svchost.exe
    472 C:\Program Files\AVG\AVG9\avgwdsvc.exe
    860 C:\Program Files\Java\jre6\bin\jqs.exe
    1404 C:\WINDOWS\system32\nvsvc32.exe
    344 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1992 C:\Program Files\AVG\AVG9\avgnsx.exe
    256 C:\WINDOWS\stsystra.exe
    588 C:\WINDOWS\system32\svchost.exe
    604 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    1236 C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
    1448 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1320 C:\Program Files\Winamp\winampa.exe
    2064 C:\PROGRA~1\AVG\AVG9\avgtray.exe
    2124 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2132 C:\WINDOWS\system32\ctfmon.exe
    2148 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    2164 C:\Program Files\AIM\aim.exe
    2172 C:\Program Files\Messenger\msmsgs.exe
    2276 C:\WINDOWS\system32\ZuneBusEnum.exe
    2444 C:\Program Files\AVG\AVG9\avgemc.exe
    2896 C:\Program Files\AVG\AVG9\avgcsrvx.exe
    3236 unsecapp.exe
    3364 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3396 wmiprvse.exe
    3540 alg.exe
    3704 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    1324 C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3908 C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    3052 C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    2380 C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    1204 C:\Documents and Settings\Owner\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200AAJS-00L7A0, Rev: 01.03E01

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  7. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your MBAM log says "No action taken" after each line.
    Please, re-run it and fix all issues this time around.

    Then....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
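    The moderator's point above, that a log whose every detection ends in "No action taken" proves a scan happened but nothing was removed, is easy to check mechanically before the next round. The script below is an added example written for this page; it is not code from the thread or from Malwarebytes. It parses the per-category "... Infected:" sections of an MBAM 1.x text log (the format posted earlier in the thread), flags every detection whose outcome is "No action taken", and pulls the Bad/Good pair out of a Broken.OpenCommand entry so the repaired registry value can be compared with the original. The sample log is constructed from the one madmax posted, with the quoting written the way MBAM itself prints it; the regular expressions assume that 1.x layout and nothing else.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text logs.

Added example for this page; not code from the thread or from Malwarebytes.
It parses the per-category "<Category> Infected:" sections of an MBAM log and
reports every detection whose recorded outcome is "No action taken", i.e. a
scan that found things but removed nothing.
"""
import re
from collections import Counter

# Constructed sample: the detection sections of the MBAM 1.46 log posted in the
# thread, with the quoting written the way MBAM itself prints it.
SAMPLE_LOG = """\
Malwarebytes' Anti-Malware 1.46
Database version: 4455

Scan type: Quick scan
Objects scanned: 138578

Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\\regfile\\shell\\open\\command\\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
C:\\WINDOWS\\$NtUninstallMTF1011$ (Adware.Adrotator) -> No action taken.

Files Infected:
C:\\WINDOWS\\$NtUninstallMTF1011$\\zrpt.xml (Adware.Adrotator) -> No action taken.
C:\\WINDOWS\\system32\\certstore.dat (Trojan.Agent) -> No action taken.
"""

# Section headers are exactly "<Category> Infected:"; the summary lines near
# the top carry a count after the colon and therefore do not match.
SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:$"
)
# One detection: "<path> (<family>) -> [<detail> -> ]<outcome>."
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+?)\.?$")
BAD_GOOD_RE = re.compile(r"Bad: \((.*?)\) Good: \((.*?)\)$")


def parse_mbam_log(text):
    """Return one dict per detection: section, path, family, detail, outcome."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section is None or not line or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if not m:
            continue  # not a detection line
        # The registry-data entry carries an extra "Bad: ... Good: ..." hop
        # before the outcome, so split on the arrow and keep the last piece.
        parts = [p.strip() for p in m.group("rest").split(" -> ")]
        items.append({
            "section": section,
            "path": m.group("path"),
            "family": m.group("family"),
            "detail": " -> ".join(parts[:-1]),
            "outcome": parts[-1],
        })
    return items


def unresolved(items):
    """Detections MBAM logged but did not act on."""
    return [i for i in items if i["outcome"].lower().startswith("no action taken")]


def summarize(items):
    """Count detections per (section, outcome) pair."""
    return Counter((i["section"], i["outcome"]) for i in items)


def bad_good(item):
    """For Broken.OpenCommand-style entries, return the (bad, good) values."""
    m = BAD_GOOD_RE.search(item["detail"])
    return (m.group(1), m.group(2)) if m else None


def verdict(text):
    """One-line answer to 'does this log show a cleanup or only a scan?'."""
    items = parse_mbam_log(text)
    if not items:
        return "clean: no detections in log"
    left = unresolved(items)
    if left:
        return f"re-run needed: {len(left)} of {len(items)} detections left with 'No action taken'"
    return f"ok: all {len(items)} detections acted on"


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(verdict(SAMPLE_LOG))
    for i in unresolved(found):
        print(f"  [{i['section']}] {i['path']} ({i['family']})")
    print("regfile open command:", bad_good(found[0]))
```

    Run it against a saved log (`python mbam_triage.py < mbam-log.txt` after swapping `SAMPLE_LOG` for `sys.stdin.read()`) and the verdict line tells you immediately whether the poster clicked Remove Selected or only Show Results; on the log above it reports that all four detections were left untouched, which is exactly why the re-run was requested.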
     
  8. 2010/08/22
    madmax

    madmax Inactive Thread Starter

    Joined:
    2010/08/15
    Messages:
    11
    Likes Received:
    0
    I'm not sure, but is it possible I saved the log before fixing the issues? I reran it and it found nothing.
     
  9. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Go ahead with Combo...
     
  10. 2010/08/22
    madmax

    madmax Inactive Thread Starter

    Joined:
    2010/08/15
    Messages:
    11
    Likes Received:
    0
    When I try to post the log I get an error from the forum saying I've included too many images in my message.
     
  11. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  12. 2010/08/22
    madmax

    madmax Inactive Thread Starter

    Joined:
    2010/08/15
    Messages:
    11
    Likes Received:
    0
  13. 2010/08/22
    madmax

    madmax Inactive Thread Starter

    Joined:
    2010/08/15
    Messages:
    11
    Likes Received:
    0
    My other post is still pending approval, but the problem seems to be gone.
     
  14. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    I'm pasting your log, so I can see it better...

    ComboFix 10-08-21.06 - Owner 08/22/2010 13:18:50.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1587 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Owner\Application Data\F43D3944A08E4B1661C012E9507C2B58
    c:\documents and settings\Owner\Application Data\F43D3944A08E4B1661C012E9507C2B58\enemies-names.txt
    c:\windows\system32\AVSredirect.dll

    Infected copy of c:\windows\system32\drivers\rasacd.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Service_6to4


    ((((((((((((((((((((((((( Files Created from 2010-07-22 to 2010-08-22 )))))))))))))))))))))))))))))))
    .

    2010-08-21 00:21 . 2010-08-21 00:21 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2010-08-21 00:21 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-21 00:21 . 2010-08-21 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-21 00:21 . 2010-08-21 00:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-21 00:21 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-17 00:25 . 2010-08-17 00:25 -------- d-----w- c:\program files\Audacity
    2010-08-16 13:21 . 2010-08-16 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
    2010-08-16 13:21 . 2010-08-16 13:21 -------- d-----w- c:\program files\NCH Software
    2010-08-16 13:21 . 2010-08-16 13:21 -------- d-----w- c:\documents and settings\Owner\Application Data\NCH Software
    2010-08-15 14:56 . 2010-08-15 14:56 -------- d-----w- c:\program files\Trend Micro
    2010-08-13 19:26 . 2010-08-13 19:26 552 ----a-w- c:\windows\system32\d3d8caps.dat
    2010-08-11 13:13 . 2010-08-11 13:13 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\My Games
    2010-08-11 01:41 . 2010-08-11 01:42 -------- d-----w- c:\documents and settings\Owner\Application Data\ooVoo Details
    2010-08-11 01:41 . 2010-08-11 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
    2010-08-11 01:40 . 2010-08-11 01:41 -------- d-----w- c:\documents and settings\Owner\Application Data\oovootb
    2010-08-11 01:40 . 2010-08-11 01:41 -------- d-----w- c:\program files\oovootb
    2010-08-11 01:40 . 2010-08-11 01:40 -------- d-----w- c:\program files\ooVoo
    2010-08-11 01:30 . 2010-08-18 21:06 -------- d-----w- c:\documents and settings\Owner\Application Data\skypePM
    2010-08-11 01:30 . 2010-08-11 01:30 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-08-11 01:27 . 2010-08-19 00:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Skype
    2010-08-11 01:26 . 2010-08-11 01:26 -------- d-----w- c:\program files\Common Files\Skype
    2010-08-11 01:26 . 2010-08-11 01:27 -------- d-----r- c:\program files\Skype
    2010-08-11 01:26 . 2010-08-11 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-08-11 00:38 . 2010-08-11 00:38 -------- d-----w- c:\documents and settings\Owner\Application Data\InstallShield
    2010-08-10 23:52 . 2010-08-10 23:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Amazon
    2010-08-10 23:49 . 2010-08-10 23:49 -------- d-----w- c:\program files\Amazon
    2010-08-10 23:41 . 2010-08-10 23:41 -------- d-----w- c:\program files\Firaxis Games
    2010-08-10 23:35 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2010-08-10 16:00 . 2010-08-10 16:00 -------- d-----w- c:\program files\Common Files\Java
    2010-08-10 16:00 . 2010-07-17 09:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-09 18:31 . 2010-08-09 18:31 -------- d-----w- c:\program files\AviSynth 2.5
    2010-08-09 18:31 . 2009-09-27 13:39 369152 ----a-w- c:\windows\system32\avisynth.dll
    2010-08-09 18:31 . 2004-02-22 14:11 719872 ----a-w- c:\windows\system32\devil.dll
    2010-08-09 18:31 . 2004-01-25 04:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
    2010-08-09 18:31 . 2004-01-25 04:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
    2010-08-09 18:30 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    2010-08-09 18:30 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
    2010-08-09 18:30 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
    2010-08-09 18:30 . 2010-08-09 18:30 -------- d-----w- c:\program files\eRightSoft
    2010-08-08 20:58 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-08 18:49 . 2010-08-08 18:49 -------- dc----w- c:\windows\system32\DRVSTORE
    2010-08-08 18:49 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-08-08 18:49 . 2010-08-08 18:49 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-08 18:40 . 2010-08-08 18:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
    2010-08-08 18:38 . 2010-08-08 18:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-08 18:38 . 2010-08-08 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-08-08 18:38 . 2010-08-08 18:38 -------- d-----w- c:\program files\Lavasoft
    2010-08-08 13:54 . 2010-08-08 13:54 -------- d-----w- c:\program files\NOS
    2010-08-08 13:49 . 2010-08-08 17:45 -------- d-----w- c:\program files\TuxGuitar-Jet
    2010-08-08 12:28 . 2010-08-08 12:28 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-08-07 19:44 . 2010-08-07 19:44 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-08-07 16:17 . 2010-08-07 16:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-08-07 16:11 . 2010-08-07 16:11 -------- d-----w- C:\$AVG
    2010-08-07 16:10 . 2010-08-07 16:10 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-08-04 19:22 . 2010-08-04 19:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-08-04 19:22 . 2010-08-04 19:22 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-08-04 19:21 . 2010-08-04 19:21 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-08-04 19:21 . 2010-08-04 19:21 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-08-04 19:21 . 2010-08-22 13:07 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-07-24 16:48 . 2010-07-24 16:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
    2010-07-24 16:46 . 2010-07-24 16:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\OpenCandy
    2010-07-24 16:46 . 2010-07-25 18:54 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenCandy
    2010-07-24 16:46 . 2010-07-24 16:46 -------- d-----w- c:\program files\VstPlugins
    2010-07-24 16:46 . 2010-07-24 16:46 -------- d-----w- c:\program files\Outsim
    2010-07-24 16:45 . 2010-07-24 16:46 -------- d-----w- c:\program files\Image-Line
    2010-07-24 16:36 . 2010-07-24 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Propellerhead Software
    2010-07-24 16:36 . 2010-07-24 16:36 -------- d-----w- c:\documents and settings\Owner\Application Data\Propellerhead Software

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-22 14:13 . 2010-03-14 21:09 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-08-21 10:44 . 2010-03-27 17:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-20 11:52 . 2010-04-08 10:32 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
    2010-08-19 16:50 . 2010-05-12 21:43 -------- d-----w- c:\program files\Steam
    2010-08-11 00:42 . 2010-03-09 21:38 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-10 17:24 . 2010-04-24 22:29 -------- d-----w- c:\program files\Winamp
    2010-08-10 16:00 . 2010-03-14 03:20 -------- d-----w- c:\program files\Java
    2010-08-09 18:11 . 2010-04-24 22:30 -------- d-----w- c:\program files\Winamp Detect
    2010-08-08 21:22 . 2010-03-10 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-08-08 17:45 . 2010-04-09 19:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
    2010-08-08 00:26 . 2010-08-08 00:26 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1555fb50-n\msvcp71.dll
    2010-08-08 00:26 . 2010-08-08 00:26 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1555fb50-n\jmc.dll
    2010-08-08 00:26 . 2010-08-08 00:26 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1555fb50-n\msvcr71.dll
    2010-08-08 00:26 . 2010-08-08 00:26 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4e0377a9-n\decora-sse.dll
    2010-08-08 00:26 . 2010-08-08 00:26 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4e0377a9-n\decora-d3d.dll
    2010-08-07 19:44 . 2010-03-12 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-08-05 11:08 . 2010-08-05 11:08 1615200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2010-08-05 11:07 . 2010-08-05 11:07 921440 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgemc.exe
    2010-08-05 11:07 . 2010-08-05 11:07 1373536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssff.dll
    2010-08-05 11:07 . 2010-08-05 11:07 1107296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
    2010-08-05 11:07 . 2010-08-05 11:07 4368224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-08-03 18:51 . 2010-03-20 18:59 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
    2010-07-24 16:46 . 2010-07-24 16:46 331304 ----a-w- c:\documents and settings\Owner\Application Data\OpenCandy\DLMgr_3_1.6.44.exe
    2010-07-20 01:09 . 2010-04-09 19:16 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-07-18 01:48 . 2010-04-09 19:14 -------- d-----w- c:\program files\Vuze
    2010-07-14 13:04 . 2010-07-14 13:02 -------- d-----w- c:\documents and settings\Owner\Application Data\REAPER
    2010-07-12 08:56 . 2010-08-08 18:38 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
    2010-06-21 00:57 . 2010-08-08 12:28 144220 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
    2010-06-14 14:31 . 2010-03-09 18:54 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2006-05-03 09:06 . 2010-08-09 18:30 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 10:47 . 2010-08-09 18:30 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 12:30 . 2010-08-09 18:30 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{442AE524-EBA5-4b17-82F3-888D68BC999A}]
    2009-11-24 19:27 252416 ----a-w- c:\program files\oovootb\auxi\oovooAu.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
    2009-11-24 21:35 87512 ----a-w- c:\program files\oovootb\oovoodx.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"="c:\program files\oovootb\oovoodx.dll" [2009-11-24 87512]

    [HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
    "Aim"="c:\program files\AIM\aim.exe" [2010-03-08 3972440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-02 8429568]
    "SigmatelSysTrayApp"="stsystra.exe" [2006-03-21 282624]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe" [2010-03-24 243544]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-07-12 74752]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-04 2065760]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-08-04 19:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Impulse Now.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Impulse Now.lnk
    backup=c:\windows\pss\Impulse Now.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
    backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-04-29 23:42 136176 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-12 21:44 1238352 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-01-07 18:38 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Documents and Settings\\Owner\\Desktop\\eclipse-java-galileo-SR2-win32\\eclipse\\eclipse.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Steam\\steamapps\\angelofdisease12\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\ooVoo\\ooVoo.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/8/2010 2:49 PM 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/4/2010 3:21 PM 216400]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/4/2010 3:22 PM 243024]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [8/4/2010 3:20 PM 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [8/4/2010 3:20 PM 308136]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1355416]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/19/2010 8:45 PM 136176]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/11/2010 2:54 PM 15008]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 6:00 AM 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 18:54]

    2010-08-18 c:\windows\Tasks\debutShakeIcon.job
    - c:\program files\NCH Software\Debut\debut.exe [2010-08-16 13:21]

    2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 00:45]

    2010-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-20 00:45]

    2010-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1482476501-839522115-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-29 23:42]

    2010-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1482476501-839522115-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-29 23:42]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.mystart.com?pr=oovoo2_2
    DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\3pimr3wv.default\
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\components\SEPsearchhelperff.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - component: c:\program files\MSN Toolbar\Platform\5.0.1423.0\Firefox\components\DomBridge.dll
    FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    Notify-kavalrm - (no file)
    SafeBoot-WudfPf
    SafeBoot-WudfRd



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-22 13:37
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2384)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\ZuneBusEnum.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\stsystra.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-22 13:43:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-22 17:42

    Pre-Run: 143,186,063,360 bytes free
    Post-Run: 143,227,179,008 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 5EAC4B158C7C917B819E76F1398C7098
     
  15. 2010/08/22
    broni

    broni Moderator Malware Analyst

    It looks good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    ===============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2010/08/22
    madmax

    madmax Inactive Thread Starter

    OTL:


    OTL logfile created on: 8/22/2010 2:49:46 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.08 Gb Total Space | 137.70 Gb Free Space | 46.20% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IAN-30D9E0666D9
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/22 14:48:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    PRC - [2010/08/17 21:58:17 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    PRC - [2010/08/11 14:54:37 | 000,913,032 | ---- | M] (Lavasoft ) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    PRC - [2010/08/05 07:07:07 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/08/04 15:21:25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/08/04 15:21:25 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/08/04 15:21:24 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/08/04 15:21:22 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/08/04 15:21:10 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/08/04 15:20:49 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/12 12:33:54 | 001,592,672 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winamp.exe
    PRC - [2010/07/12 12:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
    PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2010/03/24 16:26:02 | 000,243,544 | ---- | M] (Microsoft Corp.) -- C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe
    PRC - [2010/03/08 17:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
    PRC - [2010/02/02 03:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2010/02/02 03:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ZuneBusEnum.exe
    PRC - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    PRC - [2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/03/20 20:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/22 14:48:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/08/11 14:54:26 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/08/05 07:07:07 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/08/04 15:20:49 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/07/26 16:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
    SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/08/11 14:54:51 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/08/04 15:22:02 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/08/04 15:21:56 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/08/04 15:21:55 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/01/07 14:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/13 10:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/08/30 15:07:22 | 000,242,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2007/06/01 21:19:00 | 006,738,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2007/02/12 15:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iastor)
    DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
    DRV - [2006/03/20 20:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/10/27 19:06:30 | 000,356,096 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt61.sys -- (RT61) Linksys Wireless-G PCI Adapter Driver(RT61)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=oovoo2_2
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: msntoolbar@msn.com:5.0
    FF - prefs.js..extensions.enabledItems: {27182e60-b5f3-411c-b545-b44205977502}:1.0
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

    FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/04/09 15:16:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/06/26 11:09:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/08/05 07:08:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/22 10:14:32 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/22 10:14:25 | 000,000,000 | ---D | M]

    [2010/08/22 10:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2010/08/22 10:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3pimr3wv.default\extensions
    [2010/08/22 10:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3pimr3wv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/22 10:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3pimr3wv.default\extensions\staged-xpis
    [2010/08/22 10:14:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/10 21:27:03 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/08/10 12:00:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/07/12 12:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/08/22 13:37:00 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Updater For ooVoo Toolbar) - {442AE524-EBA5-4b17-82F3-888D68BC999A} - C:\Program Files\oovootb\auxi\oovooAu.dll (Visicom Media)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll ()
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll ()
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
    O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268171542000 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop Components:0 () -
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/09 14:56:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: System Restore is disabled.
    Error closing restore point: System Restore is disabled.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/22 14:49:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/08/22 13:13:17 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/22 13:09:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/20 21:46:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2010/08/20 20:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2010/08/20 20:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\scans
    [2010/08/20 20:21:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/20 20:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/08/20 20:21:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/20 20:21:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/08/20 20:20:36 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
    [2010/08/16 20:25:57 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
    [2010/08/16 09:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
    [2010/08/16 09:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
    [2010/08/16 09:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\NCH Software
    [2010/08/15 10:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2010/08/11 09:13:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\My Games
    [2010/08/10 21:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My ooVoo
    [2010/08/10 21:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ooVoo Details
    [2010/08/10 21:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
    [2010/08/10 21:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\oovootb
    [2010/08/10 21:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\oovootb
    [2010/08/10 21:40:42 | 000,000,000 | ---D | C] -- C:\Program Files\ooVoo
    [2010/08/10 21:30:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\skypePM
    [2010/08/10 21:27:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Skype
    [2010/08/10 21:26:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2010/08/10 21:26:42 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2010/08/10 21:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2010/08/10 20:38:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\InstallShield
    [2010/08/10 19:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Amazon
    [2010/08/10 19:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
    [2010/08/10 19:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Firaxis Games
    [2010/08/10 12:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/08/09 14:31:07 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
    [2010/08/09 14:31:07 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
    [2010/08/09 14:31:07 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
    [2010/08/09 14:31:07 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
    [2010/08/09 14:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
    [2010/08/09 14:30:45 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
    [2010/08/09 14:30:45 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
    [2010/08/09 14:30:45 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
    [2010/08/09 14:30:45 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
    [2010/08/09 14:30:45 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
    [2010/08/09 14:30:45 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
    [2010/08/09 14:30:45 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
    [2010/08/09 14:30:45 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
    [2010/08/09 14:30:45 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
    [2010/08/09 14:30:45 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
    [2010/08/09 14:30:45 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
    [2010/08/09 14:30:45 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
    [2010/08/09 14:30:45 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
    [2010/08/09 14:30:43 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
    [2010/08/08 14:49:49 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/08/08 14:49:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
    [2010/08/08 14:49:48 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/08/08 14:40:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
    [2010/08/08 14:38:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2010/08/08 14:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2010/08/08 14:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2010/08/08 13:45:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
    [2010/08/08 13:45:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/08/08 09:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2010/08/08 09:49:19 | 000,000,000 | ---D | C] -- C:\Program Files\TuxGuitar-Jet
    [2010/08/08 09:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/08/08 08:28:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/08/08 08:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/08/07 15:59:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/08/07 15:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/08/07 12:11:36 | 000,000,000 | ---D | C] -- C:\$AVG
    [2010/08/04 15:22:02 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/08/04 15:22:00 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/08/04 15:21:56 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/08/04 15:21:54 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/08/04 15:21:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/07/24 12:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2010/07/24 12:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\OpenCandy
    [2010/07/24 12:46:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
    [2010/07/24 12:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Image-Line
    [2010/07/24 12:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
    [2010/07/24 12:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
    [2010/07/24 12:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line
    [2010/07/24 12:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Propellerhead Software
    [2010/07/24 12:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
    [2010/07/15 09:14:53 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.prepare
    [2010/07/14 09:02:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\REAPER
    [2010/07/01 19:53:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/07/01 18:58:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\pybackup
    [2010/06/24 08:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/06/19 20:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google
    [2010/06/19 20:45:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/06/19 20:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2010/06/17 16:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/22 14:52:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1482476501-839522115-1003UA.job
    [2010/08/22 14:51:03 | 000,000,146 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\.~lock.road essay 2.odt#
    [2010/08/22 14:50:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/22 14:49:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/08/22 14:48:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2010/08/22 13:52:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-606747145-1482476501-839522115-1003Core.job
    [2010/08/22 13:37:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/22 13:37:00 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/22 13:36:54 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/22 13:36:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/22 13:36:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/22 13:36:14 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/08/22 13:17:07 | 000,017,931 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\road essay 2.odt
    [2010/08/22 13:13:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/22 10:14:27 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/22 10:14:27 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/08/22 09:07:42 | 063,714,321 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/08/21 08:32:22 | 004,310,826 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
    [2010/08/21 06:44:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/20 20:52:30 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\k52m1bbl.exe
    [2010/08/20 20:21:22 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/20 20:20:05 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.46.exe
    [2010/08/19 22:52:38 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
    [2010/08/19 22:52:38 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/08/18 17:58:51 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\debutShakeIcon.job
    [2010/08/16 20:25:58 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Audacity.lnk
    [2010/08/16 09:21:40 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Debut Video Capture Software.lnk
    [2010/08/15 11:01:35 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/08/15 10:56:17 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
    [2010/08/13 15:26:40 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/08/12 22:13:37 | 000,012,342 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Bands.odt
    [2010/08/10 21:40:43 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
    [2010/08/10 21:30:46 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/08/10 21:26:43 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/08/10 20:58:23 | 000,002,130 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sid Meier's Civilization 4 - Beyond the Sword.lnk
    [2010/08/10 20:42:05 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Sid Meier's Civilization 4 - Warlords.lnk
    [2010/08/10 20:40:42 | 000,000,977 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Launch Sid Meier's Civilization 4.lnk
    [2010/08/10 19:37:07 | 000,008,413 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\road quotes.odt
    [2010/08/09 14:30:47 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk
    [2010/08/09 14:30:46 | 000,001,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
    [2010/08/09 14:11:26 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
    [2010/08/08 14:49:48 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/08/08 14:38:24 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/08/08 14:38:24 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/08/08 09:49:26 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\tuxguitar.lnk
    [2010/08/07 16:09:45 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/07 15:45:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/07 12:13:07 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
    [2010/08/04 15:22:04 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2010/08/04 15:22:03 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/08/04 15:22:02 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/08/04 15:21:56 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/08/04 15:21:55 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/08/04 15:21:54 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/08/04 07:49:55 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Citizenship-in-the-Nation-1.doc
    [2010/07/24 12:46:54 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\FL Studio 9.lnk
    [2010/07/23 11:49:06 | 000,787,767 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Breakdown.mp3
    [2010/07/15 09:14:53 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.prepare
    [2010/07/15 06:02:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/07/12 04:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/07/12 04:55:38 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/07/05 18:31:16 | 000,008,492 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\emptiness.odt
    [2010/07/01 19:54:06 | 000,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/01 19:54:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/06/26 18:08:56 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/06/24 07:53:14 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/24 07:53:14 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/24 07:53:14 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/19 20:47:45 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/06/17 16:42:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
    [2010/06/17 16:42:10 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
    [2010/06/17 16:41:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
    [2010/06/17 16:38:48 | 000,010,248 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\permit test.odt
    [2010/06/17 16:35:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/06/17 16:35:26 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_zumbus_01009.Wdf
    [2010/06/17 16:35:14 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zune.lnk
    [2010/06/14 22:05:53 | 000,200,145 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\lvl1.mine
    [2010/06/11 06:44:31 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/22 14:51:03 | 000,000,146 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\.~lock.road essay 2.odt#
    [2010/08/22 13:13:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/22 13:13:18 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/22 10:14:27 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/08/22 10:14:27 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/08/20 22:09:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\k52m1bbl.exe
    [2010/08/20 20:21:22 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/20 20:15:24 | 000,017,931 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\road essay 2.odt
    [2010/08/18 17:58:50 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\debutShakeIcon.job
    [2010/08/16 20:25:58 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Audacity.lnk
    [2010/08/16 09:21:40 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Debut Video Capture Software.lnk
    [2010/08/15 11:01:33 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
    [2010/08/15 10:56:17 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
    [2010/08/13 15:26:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/08/10 21:40:43 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
    [2010/08/10 21:30:46 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/08/10 21:26:43 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/08/10 20:58:23 | 000,002,130 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sid Meier's Civilization 4 - Beyond the Sword.lnk
    [2010/08/10 20:02:19 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Sid Meier's Civilization 4 - Warlords.lnk
    [2010/08/10 19:41:07 | 000,000,977 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Launch Sid Meier's Civilization 4.lnk
    [2010/08/10 19:37:07 | 000,008,413 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\road quotes.odt
    [2010/08/09 14:30:47 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER © Uninstall.lnk
    [2010/08/09 14:30:46 | 000,001,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPER ©.lnk
    [2010/08/09 14:30:45 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
    [2010/08/09 14:30:45 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
    [2010/08/09 14:30:45 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
    [2010/08/09 14:30:45 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
    [2010/08/09 14:30:45 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
    [2010/08/09 14:30:45 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
    [2010/08/09 14:30:45 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
    [2010/08/09 14:30:45 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
    [2010/08/08 16:58:39 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/08/08 14:50:49 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/08/08 14:38:24 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
    [2010/08/08 14:38:24 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/08/08 09:49:26 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\tuxguitar.lnk
    [2010/08/07 12:13:06 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
    [2010/08/06 07:37:17 | 007,340,032 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
    [2010/08/04 15:22:04 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2010/08/04 15:21:54 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/08/04 15:21:52 | 063,714,321 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/07/24 12:46:54 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\FL Studio 9.lnk
    [2010/07/18 21:41:12 | 000,787,767 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Breakdown.mp3
    [2010/07/05 18:31:42 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Citizenship-in-the-Nation-1.doc
    [2010/07/05 18:31:14 | 000,008,492 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\emptiness.odt
    [2010/06/19 20:47:45 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/06/19 20:45:40 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/06/19 20:45:40 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/06/17 16:42:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_ZuneDriver_01_09_00.Wdf
    [2010/06/17 16:42:10 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01009.Wdf
    [2010/06/17 16:41:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
    [2010/06/17 16:38:47 | 000,010,248 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\permit test.odt
    [2010/06/17 16:35:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
    [2010/06/17 16:35:26 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_zumbus_01009.Wdf
    [2010/06/17 16:35:14 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zune.lnk
    [2010/03/11 22:12:57 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/03/10 17:33:34 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
    [2010/03/10 17:33:29 | 000,000,890 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
    [2006/09/24 14:37:00 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

    ========== LOP Check ==========

    [2010/03/11 22:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/08/08 17:22:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/04/09 15:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2010/08/10 21:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
    [2010/07/24 12:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software
    [2010/04/07 16:54:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock
    [2010/04/05 15:42:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{559CD377-B28F-4085-9BFD-A7569B14F947}
    [2010/08/08 14:38:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2010/04/14 19:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.minecraft
    [2010/03/11 22:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
    [2010/08/10 19:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
    [2010/08/08 13:45:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
    [2010/04/29 19:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BonkEnc
    [2010/06/16 08:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\foobar2000
    [2010/04/29 20:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mp3tag
    [2010/08/10 21:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ooVoo Details
    [2010/08/22 14:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\oovootb
    [2010/07/25 14:54:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
    [2010/03/14 17:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2010/07/24 12:36:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Propellerhead Software
    [2010/07/14 09:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\REAPER
    [2010/03/21 09:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Stardock
    [2010/07/24 12:48:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2010/08/22 14:49:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/08/18 17:58:51 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\debutShakeIcon.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/08/22 13:36:45 | 000,007,471 | ---- | M] () -- C:\aaw7boot.log
    [2010/03/09 14:56:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/07/01 19:54:06 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/22 13:13:23 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/22 13:43:07 | 000,025,897 | ---- | M] () -- C:\ComboFix.txt
    [2010/03/09 14:56:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/03/09 14:56:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/03/11 22:45:43 | 000,000,453 | -H-- | M] () -- C:\IPH.PH
    [2010/03/09 14:56:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/03/09 19:42:21 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/22 13:36:45 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/07 12:13:07 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/03/08 08:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
    [2009/03/08 08:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
    [2010/05/06 06:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2010/03/09 06:45:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/03/09 06:45:14 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/03/09 06:45:14 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     
  17. 2010/08/22
    broni Moderator Malware Analyst
    ....and Extras.txt...
     
  18. 2010/08/22
    madmax Inactive Thread Starter
  19. 2010/08/22
    broni Moderator Malware Analyst
    OTL Extras logfile created on: 8/22/2010 2:49:46 PM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 298.08 Gb Total Space | 137.70 Gb Free Space | 46.20% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: IAN-30D9E0666D9
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    Code:
     "443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
     "37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
     "37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
     "37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
    "C:\Documents and Settings\Owner\Desktop\eclipse-java-galileo-SR2-win32\eclipse\eclipse.exe" = C:\Documents and Settings\Owner\Desktop\eclipse-java-galileo-SR2-win32\eclipse\eclipse.exe:*:Enabled:eclipse -- ()
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Steam\steamapps\angelofdisease12\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\angelofdisease12\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4 Warlords -- (Firaxis Games)
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Pitboss -- (Firaxis Games)
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
    "C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)
    "C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
    "{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 21
    "{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
    "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
    "{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
    "{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
    "{7ff90460-89b7-435b-b583-b37b2815ccc7}" = Python 3.1.1
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A8589680-35C1-4732-ACCA-09B78921ECE3}" = Sid Meier's Civilization 4
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E21DA178-9FB0-4F91-B79C-5A6DDEEBFB8D}" = Bing Bar Platform
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
    "{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "8461-7759-5462-8226" = Vuze
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AIM_7" = AIM 7
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
    "Audacity_is1" = Audacity 1.2.6
    "AVG9Uninstall" = AVG Free 9.0
    "BlueJ_is1" = BlueJ 2.5.3
    "ClassicPro" = ClassicPro© v1.14
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Combat Mission Shock Force_is1" = Combat Mission Shock Force
    "Debut" = Debut Video Capture Software
    "Exact Audio Copy" = Exact Audio Copy 0.99pb5
    "FL Studio 9" = FL Studio 9
    "foobar2000" = foobar2000 v1.0.2.1
    "Galactic Civilizations II" = Galactic Civilizations II
    "Galactic Civilizations II - Gold Edition" = Galactic Civilizations II - Gold Edition
    "GalCiv II - Dark Avatar" = GalCiv II - Dark Avatar
    "HijackThis" = HijackThis 2.0.2
    "ie8" = Windows Internet Explorer 8
    "IL Download Manager" = IL Download Manager
    "Impulse" = Impulse
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "Mp3tag" = Mp3tag v2.46a
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Drivers" = NVIDIA Drivers
    "oovootb" = ooVoo Toolbar (Remove Toolbar Only)
    "PoiZone" = PoiZone
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "Sawer" = Sawer
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Stardock Central" = Stardock Central
    "Steam App 220" = Half-Life 2
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 380" = Half-Life 2: Episode One
    "Steam App 400" = Portal
    "Steam App 420" = Half-Life 2: Episode Two
    "Steam App 440" = Team Fortress 2
    "Steam App 630" = Alien Swarm
    "SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
    "Toxic Biohazard" = Toxic Biohazard
    "TuxGuitar_0" = TuxGuitar 1.2
    "VLC media player" = VLC media player 1.0.5
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "winusb0100" = Microsoft WinUsb 1.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
    "Zune" = Zune

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/20/2010 8:45:27 AM | Computer Name = IAN-30D9E0666D9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 8/20/2010 8:45:27 AM | Computer Name = IAN-30D9E0666D9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 8/20/2010 10:46:48 AM | Computer Name = IAN-30D9E0666D9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 8/20/2010 12:59:40 PM | Computer Name = IAN-30D9E0666D9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 8/20/2010 3:53:33 PM | Computer Name = IAN-30D9E0666D9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 8/20/2010 3:53:34 PM | Computer Name = IAN-30D9E0666D9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 8/20/2010 6:58:51 PM | Computer Name = IAN-30D9E0666D9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 8/20/2010 8:43:39 PM | Computer Name = IAN-30D9E0666D9 | Source = Application Error | ID = 1000
    Description = Faulting application winamp.exe, version 5.5.8.2985, faulting module
    ntdll.dll, version 5.1.2600.5755, fault address 0x00011780.

    Error - 8/22/2010 12:44:54 PM | Computer Name = IAN-30D9E0666D9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 8/22/2010 12:44:55 PM | Computer Name = IAN-30D9E0666D9 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    [ System Events ]
    Error - 8/22/2010 10:10:06 AM | Computer Name = IAN-30D9E0666D9 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 8/22/2010 10:10:06 AM | Computer Name = IAN-30D9E0666D9 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 8/22/2010 10:10:06 AM | Computer Name = IAN-30D9E0666D9 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 8/22/2010 10:10:06 AM | Computer Name = IAN-30D9E0666D9 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 8/22/2010 10:10:06 AM | Computer Name = IAN-30D9E0666D9 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 8/22/2010 10:10:07 AM | Computer Name = IAN-30D9E0666D9 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 8/22/2010 10:10:07 AM | Computer Name = IAN-30D9E0666D9 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 8/22/2010 10:10:07 AM | Computer Name = IAN-30D9E0666D9 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 8/22/2010 10:10:07 AM | Computer Name = IAN-30D9E0666D9 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 8/22/2010 1:18:22 PM | Computer Name = IAN-30D9E0666D9 | Source = Service Control Manager | ID = 7023
    Description = The Network Security service terminated with the following error:
    %%126


    < End of report >
     
  20. 2010/08/22
    broni Moderator Malware Analyst
    Any reason your system restore is disabled, or are you not aware of it?

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O24 - Desktop Components:0 () - 
      [2010/07/24 12:48:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
      [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Go to the Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  21. 2010/08/22
    madmax Inactive Thread Starter
    I had no idea system restore was disabled. I'll post with the logs soon.
     
