
Inactive A strange virus problem

Discussion in 'Malware and Virus Removal Archive' started by pilotgal8, 2010/07/01.

  1. 2010/07/01
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    [Inactive] A strange virus problem

    Another friend has asked me for help. 2 days ago his computer started to exhibit 'infected by a virus' messages when he attempted to open any app.

    He runs the latest AVG automatically, so was surprised by this occurrence.

    We decided to go back to a system restore pt on 6/29 (2 days prior to the disaster.) Now the machine will start, populate the desktop and go into a hard wait. Mouse moves across the desktop, but no action when selecting a desktop icon... it's frozen. Ctrl-Alt-Del doesn't produce a window.

    What to do?
     
  2. 2010/07/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let's see if we can look at your computer booting from an external source.

    Using good computer, please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your bad computer using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
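A first-pass triage of the OTL.txt that this procedure produces, as an added example that is not part of broni's instructions or of OldTimer's OTL itself. It parses the SRV/DRV service lines and the O1 hosts lines in the shape they have in the log posted later in this thread and reports what a reviewer looks at first: service keys whose binary is missing, binaries with no company name in their version resource, and hosts entries that point a name anywhere other than loopback (the 127.0.0.1 entries in this log are a Spybot-style block list and are benign). The regexes, function names and the one constructed hosts line (203.0.113.10 / www.example-bank.invalid are placeholders) are my assumptions, not OTL's.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional, Tuple

# Line shapes taken from the OTL log in this thread:
#   SRV - File not found [Auto] -- -- (hpdj00)
#   DRV - [2010/06/06 11:04:14 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\...\Lbd.sys -- (Lbd)
# When the binary is missing the path is empty, leaving a bare "-- --" separator.
SERVICE_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)"
    r"|\[(?P<stamp>[^\]]*)\] \((?P<company>.*?)\))"
    r" \[(?P<start>[^\]]*)\] --(?: (?P<path>.+?))? -- \((?P<name>[^)]*)\)"
)
# "O1 - Hosts: 127.0.0.1 www.007guard.com"; OTL's "14237 more lines..." summary
# has three tokens after the colon and is deliberately left unmatched.
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+) (?P<host>\S+)$")


@dataclass
class ServiceEntry:
    kind: str            # "SRV" (Win32 service) or "DRV" (kernel / file-system driver)
    name: str            # service key name, e.g. "avg9wd"
    path: Optional[str]  # None when OTL reported "File not found"
    company: str         # company from the version resource; "" when absent
    start: str           # start type, e.g. "Auto" or "Kernel | On_Demand"
    missing: bool
    size: Optional[int]  # file size in bytes from the timestamp block


def parse_service(line: str) -> Optional[ServiceEntry]:
    """Parse one SRV/DRV line; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    size = None
    if m.group("stamp"):  # "2010/03/15 09:35:09 | 000,308,064 | ---- | M"
        fields = [f.strip() for f in m.group("stamp").split("|")]
        size = int(fields[1].replace(",", ""))
    return ServiceEntry(
        kind=m.group("kind"), name=m.group("name"), path=m.group("path"),
        company=m.group("company") or "", start=m.group("start"),
        missing=m.group("missing") is not None, size=size,
    )


def check_hosts_line(line: str) -> Optional[Tuple[str, str, bool]]:
    """Return (host, address, suspicious) for an O1 hosts line, else None.

    Loopback or unspecified targets (127.0.0.1, 0.0.0.0) are how block lists
    neutralise domains; any other target means the name has been redirected.
    """
    m = HOSTS_RE.match(line.strip())
    if not m:
        return None
    addr = m.group("addr")
    try:
        ip = ip_address(addr)
        suspicious = not (ip.is_loopback or ip.is_unspecified)
    except ValueError:
        suspicious = True  # not even a valid address
    return (m.group("host"), addr, suspicious)


def triage(lines: List[str]) -> dict:
    """Summarise the findings a reviewer checks first in an OTL log."""
    report = {"missing": [], "no_company": [], "hijacked_hosts": [], "hosts_total": 0}
    for line in lines:
        svc = parse_service(line)
        if svc is not None:
            if svc.missing:
                report["missing"].append(svc.name)      # orphaned service keys
            elif not svc.company:
                report["no_company"].append(svc.path)   # binary with no company info
            continue
        h = check_hosts_line(line)
        if h is not None:
            report["hosts_total"] += 1
            host, addr, suspicious = h
            if suspicious:
                report["hijacked_hosts"].append((host, addr))
    return report


# Sample input: lines copied from the log in this thread plus one constructed
# hosts line (placeholder address and domain, not from the thread).
SAMPLE_LINES = [
    r"SRV - File not found [Auto] -- -- (hpdj00)",
    r"SRV - [2010/03/15 09:35:09 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)",
    r"SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)",
    r"DRV - File not found [Kernel | On_Demand] -- -- (WDICA)",
    r"DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)",
    "O1 - Hosts: 127.0.0.1 localhost",
    "O1 - Hosts: 127.0.0.1 www.007guard.com",
    "O1 - Hosts: 14237 more lines...",
    "O1 - Hosts: 203.0.113.10 www.example-bank.invalid",  # constructed redirect
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

Run it against a real OTL.txt by reading the file into a list of lines; the "missing" entries are usually leftovers of uninstalled software (the hpdj00 and WDICA keys in this log are typical), so they are a cleanup item rather than proof of infection, whereas a non-loopback hosts redirect or an unsigned driver that starts at boot is what warrants a closer look.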
     


  4. 2010/07/02
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    OTL logfile created on: 7/2/2010 10:42:50 AM - Run
    OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
    Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.76 Gb Total Space | 407.08 Gb Free Space | 87.40% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto] -- -- (hpdj00)
    SRV - [2010/07/01 13:17:47 | 001,352,832 | ---- | M] (Lavasoft) [Auto] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2010/04/21 14:34:14 | 000,704,432 | ---- | M] () [Auto] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2010/03/29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/03/15 09:35:09 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/12/03 17:52:32 | 001,980,560 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
    SRV - [2009/10/28 18:11:34 | 000,113,192 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
    SRV - [2009/10/28 18:11:32 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
    SRV - [2009/10/28 18:11:26 | 000,092,712 | R--- | M] (Authentium, Inc) [Auto] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
    SRV - [2009/09/29 09:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2007/07/29 19:13:28 | 000,061,440 | ---- | M] () [Auto] -- C:\Program Files\OddATC\OddService.exe -- (OddATC Service)
    SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
    DRV - File not found [Kernel | Auto] -- -- (SSPORT)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
    DRV - File not found [Kernel | System] -- -- (PCIDump)
    DRV - File not found [Kernel | System] -- -- (lbrtfdc)
    DRV - File not found [Kernel | Auto] -- -- (DgiVecp)
    DRV - File not found [Kernel | System] -- -- (Changer)
    DRV - [2010/06/06 11:04:14 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
    DRV - [2010/06/03 08:27:54 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/06/03 08:27:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/03/15 09:33:15 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2010/01/10 06:07:49 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
    DRV - [2009/10/28 18:25:42 | 000,122,408 | R--- | M] (Authentium, Inc) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\amp.sys -- (AMP)
    DRV - [2009/10/28 18:25:40 | 001,117,224 | R--- | M] (Authentium, Inc) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ampse.sys -- (AMPSE)
    DRV - [2009/06/17 08:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
    DRV - [2008/10/16 16:14:00 | 000,030,720 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
    DRV - [2008/05/28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2008/05/28 10:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2008/05/28 10:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp)
    DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/13 22:05:30 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
    DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2008/01/30 11:28:36 | 004,725,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/07/24 18:51:34 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System] -- C:\WINDOWS\system32\drivers\filedisk.sys -- (FileDisk)
    DRV - [2006/06/14 13:56:40 | 000,247,808 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
    DRV - [2006/01/19 04:17:38 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2006/01/18 23:44:46 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
    DRV - [2004/10/15 13:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
    DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/09/25 01:39:08 | 000,289,792 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
    DRV - [2004/09/25 01:38:32 | 000,023,936 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dvd_2k.sys -- (dvd_2K)
    DRV - [2004/09/25 01:32:40 | 000,024,832 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/09/25 01:29:52 | 000,044,288 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2004/09/25 01:29:50 | 000,141,184 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | System] -- C:\WINDOWS\system32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
    DRV - [2004/09/25 01:26:40 | 000,200,832 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\Udfreadr.sys -- (UDFReadr)
    DRV - [2004/09/25 01:26:28 | 000,023,808 | ---- | M] (Roxio) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mmc_2k.sys -- (mmc_2K)
    DRV - [2004/09/25 01:23:16 | 000,117,632 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\system32\drivers\Pwd_2k.sys -- (pwd_2k)
    DRV - [2004/08/11 11:00:00 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.SYS -- (MTsensor)
    DRV - [2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Dan_Stout_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\Dan_Stout_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\Dan_Stout_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\Dan_Stout_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\Dan_Stout_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php
    IE - HKU\Dan_Stout_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaulta.aspx
    IE - HKU\Dan_Stout_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\Dan_Stout_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EA A6 FE CB B2 DF C9 01 [binary data]
    IE - HKU\Dan_Stout_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\Rosemary_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\Rosemary_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/04 06:05:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 05:10:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/01 10:01:13 | 000,000,000 | ---D | M]

    [2010/06/30 10:17:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2009/11/19 18:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2009/11/19 18:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2010/06/30 10:17:38 | 000,411,964 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 127.0.0.1 www.163ns.com
    O1 - Hosts: 127.0.0.1 163ns.com
    O1 - Hosts: 14237 more lines...
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\Dan_Stout_ON_C\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKU\Dan_Stout_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKU\Rosemary_ON_C\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
    O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - HKU\Dan_Stout_ON_C..\Run: [EPSON Stylus Photo R280 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICKA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\Dan_Stout_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\Dan_Stout_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\Dan_Stout_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\Rosemary_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\World Community Grid - BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe (World Community Grid)
    O4 - Startup: C:\Documents and Settings\Dan Stout\Start Menu\Programs\Startup\OddATC Client.lnk = C:\WINDOWS\Installer\{245603B0-960E-45C7-BCBA-37B4E1BE694C}\_5AB6AF14459EC6F53F541E.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Dan_Stout_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\Rosemary_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228839069159 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228839054565 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} https://secure.iolo.com/app/ocx/UpgradeVerify.cab (iolo.ProductDetector)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.144.23 205.152.132.23
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/28 08:29:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/07/01 13:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/01 13:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/01 10:00:41 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2010/07/01 09:57:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/06/27 12:14:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dan Stout\Local Settings\Application Data\V-Safe 100
    [2010/06/09 05:17:49 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
    [2008/04/25 10:20:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dan Stout\Application Data\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2010/07/02 10:42:45 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
    [2010/07/02 09:32:47 | 000,241,664 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2010/07/02 09:32:47 | 000,241,664 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2010/07/02 09:32:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/02 09:32:08 | 2138,296,320 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/01 13:44:28 | 000,002,227 | ---- | M] () -- C:\Documents and Settings\Dan Stout\Start Menu\Programs\StartUp\OddATC Client.lnk
    [2010/07/01 13:42:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/01 13:42:27 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2010/07/01 13:22:46 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/01 13:08:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3190923490-1477794370-2506951199-1005UA.job
    [2010/07/01 13:07:57 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
    [2010/07/01 13:05:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/01 10:00:04 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Dan Stout\ntuser.ini
    [2010/06/30 16:37:54 | 002,649,846 | -H-- | M] () -- C:\Documents and Settings\Dan Stout\Local Settings\Application Data\IconCache.db
    [2010/06/30 15:15:23 | 061,534,963 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/06/30 12:06:26 | 000,001,021 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb0000
    [2010/06/30 12:06:26 | 000,000,108 | ---- | M] () -- C:\WINDOWS\System32\EPPICResdb
    [2010/06/30 11:02:27 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/06/30 10:17:38 | 000,411,964 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/06/29 20:08:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3190923490-1477794370-2506951199-1005Core.job
    [2010/06/29 14:38:36 | 009,347,072 | ---- | M] () -- C:\Documents and Settings\Dan Stout\ntuser.dat
    [2010/06/24 10:45:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/06/24 06:23:56 | 005,767,168 | ---- | M] () -- C:\Documents and Settings\Rosemary\ntuser.dat
    [2010/06/24 06:23:50 | 000,409,121 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100630-101738.backup
    [2010/06/17 10:59:19 | 000,005,453 | ---- | M] () -- C:\Documents and Settings\Dan Stout\My Documents\Visor.rtf
    [2010/06/16 10:31:53 | 000,408,995 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100624-062350.backup
    [2010/06/13 10:32:21 | 000,000,050 | ---- | M] () -- C:\WINDOWS\brmx2001.ini
    [2010/06/09 05:57:04 | 001,328,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/09 05:37:14 | 000,535,402 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/09 05:37:14 | 000,465,876 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/09 05:37:14 | 000,079,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/09 05:22:27 | 000,000,638 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/06/06 11:04:14 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/06/03 08:27:54 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/06/03 08:27:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/06/02 14:02:02 | 000,088,526 | ---- | M] () -- C:\Documents and Settings\Dan Stout\My Documents\ViewerX.alb
    [2010/06/02 13:58:33 | 000,003,641 | ---- | M] () -- C:\Documents and Settings\Dan Stout\My Documents\American Flag.jpg
    [2010/06/02 11:12:34 | 000,404,234 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100616-103153.backup

    ========== Files Created - No Company Name ==========

    [2010/07/01 10:05:36 | 2138,296,320 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/30 15:14:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/29 14:38:33 | 009,347,072 | ---- | C] () -- C:\Documents and Settings\Dan Stout\ntuser.dat
    [2010/06/17 03:33:15 | 000,005,453 | ---- | C] () -- C:\Documents and Settings\Dan Stout\My Documents\Visor.rtf
    [2010/06/09 05:59:43 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
    [2010/06/02 14:01:56 | 000,003,641 | ---- | C] () -- C:\Documents and Settings\Dan Stout\My Documents\American Flag.jpg
    [2010/05/04 13:47:44 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
    [2010/01/30 10:23:42 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\lua5.1a.dll
    [2010/01/09 12:40:43 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2009/12/28 14:11:17 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Local Settings\Application Data\FASTWiz.html
    [2009/12/28 13:12:58 | 000,104,564 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Local Settings\Application Data\FASTWiz.log
    [2009/10/26 06:55:49 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSENCRYPTPLUGIN1636_AVG_RESTORED_7.DLL
    [2009/10/26 06:55:49 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED_6.dll
    [2009/10/26 06:55:49 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMemoryPlugin1635.dll
    [2009/10/26 06:55:49 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMACOSXPLUGIN1635_AVG_RESTORED_10.DLL
    [2009/10/26 06:55:48 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED_5.dll
    [2009/10/26 06:55:48 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED_4.dll
    [2009/10/26 06:55:48 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_9.dll
    [2009/10/26 06:55:48 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_8.dll
    [2009/10/26 06:55:48 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_7.dll
    [2009/10/26 06:55:30 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED_3.dll
    [2009/10/26 06:55:30 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED_2.dll
    [2009/10/26 06:55:30 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED_1.dll
    [2009/10/26 06:55:30 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_6.dll
    [2009/10/26 06:55:30 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_5.dll
    [2009/10/26 06:55:30 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_4.dll
    [2009/10/26 06:55:30 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_3.dll
    [2009/10/26 06:55:29 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED.dll
    [2009/10/26 06:55:29 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_2.dll
    [2009/10/26 06:55:29 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_1.dll
    [2009/10/26 06:55:28 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSENCRYPTPLUGIN1636.DLL
    [2009/10/26 06:55:28 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED.dll
    [2009/10/26 06:55:28 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMacOSXPlugin1635.dll
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/07/21 06:31:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2009/07/21 06:28:40 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2009/05/31 16:54:56 | 000,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2009/05/31 16:54:56 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
    [2009/05/09 12:12:07 | 000,000,096 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2009/03/13 11:09:38 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Rosemary\ntuser.dat.LOG
    [2009/03/13 11:09:38 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Rosemary\ntuser.ini
    [2009/03/13 11:09:37 | 005,767,168 | ---- | C] () -- C:\Documents and Settings\Rosemary\ntuser.dat
    [2009/03/01 10:52:46 | 000,000,094 | ---- | C] () -- C:\Documents and Settings\Dan Stout\couponmanager.properties
    [2009/01/26 15:00:23 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
    [2009/01/26 14:56:37 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
    [2009/01/26 14:56:37 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
    [2009/01/26 14:56:37 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
    [2009/01/21 17:19:05 | 000,000,410 | ---- | C] () -- C:\WINDOWS\brwmark.ini
    [2009/01/21 17:19:05 | 000,000,211 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2009/01/21 17:19:05 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2009/01/21 17:19:05 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2009/01/21 17:18:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
    [2008/08/19 09:10:38 | 000,075,776 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\rbqt450.DLL
    [2008/08/19 09:10:38 | 000,064,512 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\rbap450.dll
    [2008/08/19 09:10:38 | 000,052,224 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\EHZComp.dll
    [2008/08/19 09:10:38 | 000,041,472 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\RBShell400.dll
    [2008/08/19 09:10:38 | 000,019,968 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\EHMD5.dll
    [2008/08/19 09:10:38 | 000,018,432 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\EHEncrypt.dll
    [2008/08/19 09:10:37 | 000,054,272 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSQTImporterPlugin1635.dll
    [2008/08/19 09:10:37 | 000,053,760 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSPicturePlugin1635.dll
    [2008/08/19 09:10:37 | 000,051,712 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSWinPlugin1635.dll
    [2008/08/19 09:10:37 | 000,049,664 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSQuickTimePlugin1636.dll
    [2008/08/19 09:10:37 | 000,048,128 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSResPlugin1635.dll
    [2008/08/19 09:10:37 | 000,041,984 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSMainPlugin1635.dll
    [2008/08/19 09:10:37 | 000,037,376 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSPictureMacPlugin1635.dll
    [2008/08/19 09:10:37 | 000,036,352 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSRegistryPlugin1636.dll
    [2008/08/19 09:10:37 | 000,036,352 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSFolderitemsCreatePlugin1635.dll
    [2008/08/19 09:10:37 | 000,032,256 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSProcessPlugin1636.dll
    [2008/08/19 09:10:37 | 000,032,256 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSIconPlugin1635.dll
    [2008/08/19 09:10:37 | 000,029,184 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSRectPlugin1635.dll
    [2008/08/19 09:10:37 | 000,026,624 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSUsernamePlugin1635.dll
    [2008/08/19 09:10:37 | 000,026,112 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSResStreamPlugin1635.dll
    [2008/08/19 09:10:37 | 000,026,112 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSRegistrationPlugin1636.dll
    [2008/08/19 09:10:37 | 000,025,088 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\MBSPluginVersionPlugin1635.dll
    [2008/07/11 12:03:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2008/07/11 11:00:20 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
    [2008/07/11 10:59:50 | 000,000,085 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
    [2008/05/08 11:54:41 | 000,000,116 | ---- | C] () -- C:\Documents and Settings\Dan Stout\default.pls
    [2008/05/08 11:54:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/05/03 16:50:09 | 000,000,488 | ---- | C] () -- C:\WINDOWS\iScreensaver.ini
    [2008/05/03 09:04:28 | 002,316,712 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
    [2008/05/03 08:59:17 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2008/04/26 13:42:40 | 000,000,101 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Local Settings\Application Data\transcoder_1.log
    [2008/04/26 12:31:32 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
    [2008/04/26 11:39:50 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Local Settings\Application Data\fusioncache.dat
    [2008/04/25 17:05:17 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
    [2008/04/25 11:03:45 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
    [2008/04/25 10:20:10 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\pcouffin.log
    [2008/04/25 10:20:08 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\inst.exe
    [2008/04/25 10:20:08 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\pcouffin.cat
    [2008/04/25 10:20:08 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dan Stout\Application Data\pcouffin.inf
    [2008/04/25 08:54:48 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Administrator\CS.doc
    [2008/04/25 08:54:48 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Gretchen b-day.doc
    [2008/04/25 08:54:48 | 000,019,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Scanner Channels.doc
    [2008/04/25 08:54:48 | 000,007,219 | ---- | C] () -- C:\Documents and Settings\Administrator\1click Log.txt
    [2008/04/25 08:54:47 | 000,001,913 | ---- | C] () -- C:\Documents and Settings\Administrator\Marmalade.doc
    [2008/04/25 08:54:47 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\Administrator\untitled.flp
    [2008/04/25 08:52:40 | 000,884,510 | ---- | C] () -- C:\Documents and Settings\Administrator\Southstar Ron's K1.tif
    [2008/04/25 08:52:40 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Administrator\UPS.txt
    [2008/04/25 08:52:39 | 000,915,974 | ---- | C] () -- C:\Documents and Settings\Administrator\Odierna W2.rtf
    [2008/04/25 08:52:39 | 000,259,515 | ---- | C] () -- C:\Documents and Settings\Administrator\Kittleman IRS letter.rtf
    [2008/04/25 08:52:39 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\KBCT LiveATC.doc
    [2008/04/25 08:52:39 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Traders.doc
    [2008/04/25 08:52:39 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Administrator\USA label.doc
    [2008/04/25 08:52:39 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Foreign label.doc
    [2008/04/25 08:52:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Refill.doc
    [2008/04/25 08:52:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Dr. George.doc
    [2008/04/25 08:52:39 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\Administrator\R number log.xls
    [2008/04/25 08:52:39 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Lemon marmalade.pmo
    [2008/04/25 08:52:39 | 000,014,986 | ---- | C] () -- C:\Documents and Settings\Administrator\hyper_eval.pdf
    [2008/04/25 08:52:39 | 000,009,567 | ---- | C] () -- C:\Documents and Settings\Administrator\NPRM.rtf
    [2008/04/25 08:52:39 | 000,006,808 | ---- | C] () -- C:\Documents and Settings\Administrator\MedXpress.rtf
    [2008/04/25 08:52:39 | 000,004,829 | ---- | C] () -- C:\Documents and Settings\Administrator\CU acct.rtf
    [2008/04/25 08:52:39 | 000,004,616 | ---- | C] () -- C:\Documents and Settings\Administrator\CNS.rtf
    [2008/04/25 08:52:39 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\Administrator\Keef.rtf
    [2008/04/25 08:52:39 | 000,000,331 | ---- | C] () -- C:\Documents and Settings\Administrator\BocaAC Owners.rtf
    [2008/04/25 08:52:39 | 000,000,166 | ---- | C] () -- C:\Documents and Settings\Administrator\Promos.txt
    [2008/04/25 08:52:39 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Administrator\SM7 Serial.txt
    [2008/04/25 08:52:38 | 001,687,218 | ---- | C] () -- C:\Documents and Settings\Administrator\Hoosier.rtf
    [2008/04/25 08:52:38 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\U S P S Carrier.doc
    [2008/04/25 08:52:38 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\FIRST CLASS MAIL.doc
    [2008/04/25 08:52:38 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Alpha.doc
    [2008/04/25 08:52:38 | 000,006,493 | ---- | C] () -- C:\Documents and Settings\Administrator\Walk.rtf
    [2008/04/25 08:52:38 | 000,001,803 | ---- | C] () -- C:\Documents and Settings\Administrator\34th.txt
    [2008/04/25 08:52:38 | 000,001,115 | ---- | C] () -- C:\Documents and Settings\Administrator\JPI.txt
    [2008/04/25 08:52:38 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\Administrator\Watch estimate.rtf
    [2008/04/25 08:46:48 | 000,059,392 | ---- | C] () -- C:\Documents and Settings\Administrator\YOS Invoice.doc
    [2008/04/25 08:46:48 | 000,024,165 | ---- | C] () -- C:\Documents and Settings\Administrator\PRICEUS.rtf
    [2008/04/25 08:46:48 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Nelson.doc
    [2008/04/25 08:46:48 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Military Trail.doc
    [2008/04/25 08:46:48 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Lasagna.doc
    [2008/04/25 08:46:48 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\Chili.doc
    [2008/04/25 08:46:48 | 000,017,695 | ---- | C] () -- C:\Documents and Settings\Administrator\DAGO A Pieras, Jr (Resume).docx
    [2008/04/25 08:46:48 | 000,006,993 | ---- | C] () -- C:\Documents and Settings\Administrator\CoolSite.rtf
    [2008/04/25 08:46:48 | 000,001,304 | ---- | C] () -- C:\Documents and Settings\Administrator\LiveATC.txt
    [2008/04/25 08:46:48 | 000,000,948 | ---- | C] () -- C:\Documents and Settings\Administrator\Aus Rates.txt
    [2008/04/25 08:46:48 | 000,000,428 | ---- | C] () -- C:\Documents and Settings\Administrator\spider.sav
    [2008/04/25 06:18:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/04/24 19:50:39 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Dan Stout\ntuser.dat.LOG
    [2008/04/24 19:50:39 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Dan Stout\ntuser.ini
    [2008/03/13 07:08:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/03/12 15:24:07 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006/09/28 14:47:55 | 000,043,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\amdagp.sys
    [2006/09/28 11:35:08 | 005,242,880 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
    [2006/09/28 11:34:57 | 000,241,664 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
    [2006/09/28 11:34:56 | 000,241,664 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
    [2006/09/28 08:35:10 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2006/09/28 08:35:09 | 000,049,152 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
    [2006/09/28 08:34:57 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
    [2006/09/28 08:34:57 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
    [2006/09/28 08:34:56 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
    [2006/09/28 08:34:56 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
    [2004/08/11 11:00:00 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.SYS
    [2003/02/03 05:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
    [2002/01/01 00:17:30 | 000,000,507 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

    ========== LOP Check ==========

    [2009/07/31 05:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
    [2010/04/15 09:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Argali
    [2008/09/18 05:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Broderbund Software
    [2008/07/06 10:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2009/09/02 06:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\GlarySoft
    [2008/12/09 11:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\InfraRecorder
    [2010/05/03 05:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\iolo
    [2008/05/03 16:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\iScreensaver
    [2009/03/14 06:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\LimeWire
    [2008/08/01 14:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Nikon
    [2009/01/26 15:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\pdf995
    [2010/05/07 14:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Research In Motion
    [2010/01/05 09:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Vso
    [2008/07/24 18:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Windows Desktop Search
    [2008/07/26 17:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dan Stout\Application Data\Windows Search
    [2010/01/07 11:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
    [2009/03/17 19:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\pdf995
    [2009/03/13 11:10:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rosemary\Application Data\Windows Desktop Search
    [2010/06/30 11:02:27 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/07/01 13:42:27 | 000,000,320 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

    ========== Purity Check ==========


    < End of report >
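The OTL listing above is what the analyst reads by eye; a small triage parser for that line format makes the same checks repeatable (added example, not part of this thread or of OTL itself; the sample lines are constructed to mirror the report, and the incident date, flag names and size threshold are assumptions):

```python
"""Triage helper for OTL-style file listing lines (constructed example)."""
import re
from datetime import datetime, timedelta

# One OTL listing line:  [date time | size | attrs | M/C] (company) -- path
# The "(company)" group is absent on directory entries (see the LOP check section).
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Constructed sample lines modelled on the report above (user name changed).
SAMPLE_LOG = r"""
[2010/07/01 13:44:28 | 000,002,227 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\StartUp\Client.lnk
[2010/06/03 08:27:54 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/30 10:17:38 | 000,411,964 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/08/19 09:10:38 | 000,018,432 | -H-- | C] () -- C:\Documents and Settings\User\Application Data\EHEncrypt.dll
[2004/08/11 11:00:00 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.SYS
[2010/07/01 10:05:36 | 2138,296,320 | -HS- | C] () -- C:\hiberfil.sys
[2009/07/31 05:28:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
"""

# Assumed incident date: the thread was opened on 2010/07/01.
INCIDENT_DAY = datetime(2010, 7, 1)
BINARY_EXTS = (".dll", ".exe", ".sys", ".scr")


def parse_line(line):
    """Return a dict for one listing line, or None if the line is not a listing entry."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = m["attrs"]  # positions: R(ead-only) H(idden) S(ystem) D(irectory)
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "readonly": attrs[0] == "R",
        "hidden": attrs[1] == "H",
        "system": attrs[2] == "S",
        "directory": attrs[3] == "D",
        "kind": "modified" if m["kind"] == "M" else "created",
        "company": m["company"] or "",
        "path": m["path"],
    }


def triage(entry, incident_day=INCIDENT_DAY, window_days=3, hosts_limit=100_000):
    """Heuristic flags an analyst would want to eyeball; none of them proves infection."""
    flags = []
    if entry["directory"]:
        return flags
    low = entry["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    # Kernel drivers normally carry a vendor string; an empty one deserves a look.
    if "\\system32\\drivers\\" in low and name.endswith(".sys") and not entry["company"]:
        flags.append("driver-without-company")
    # Hidden DLL/EXE under a user profile is a common persistence spot.
    if entry["hidden"] and name.endswith(BINARY_EXTS) and (
        "\\application data\\" in low or "\\local settings\\" in low
    ):
        flags.append("hidden-binary-in-profile")
    # Anything in StartUp or Tasks runs without the user asking for it.
    if "\\startup\\" in low or "\\tasks\\" in low:
        flags.append("autostart-location")
    # hosts is a classic hijack point; a very large one is usually an ad-block list, but check.
    if name == "hosts" and entry["size"] > hosts_limit:
        flags.append("oversized-hosts")
    # Time-based flags are noisy on their own; useful only combined with the others.
    if entry["ts"] >= incident_day - timedelta(days=window_days):
        flags.append("near-incident")
    return flags


def triage_log(text, incident_day=INCIDENT_DAY):
    """Map each flagged path to its list of flags; unflagged entries are omitted."""
    results = {}
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        flags = triage(entry, incident_day)
        if flags:
            results[entry["path"]] = flags
    return results


if __name__ == "__main__":
    for path, flags in triage_log(SAMPLE_LOG).items():
        print(f"{', '.join(flags):45} {path}")
```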
     
  5. 2010/07/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I don't really see anything malicious in this particular log.

    Did you try to start the computer in safe mode?
     
  6. 2010/07/08
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    Strange, but the machine does operate normally when booted in safe mode with networking.

    Now what? Please.
     
  7. 2010/07/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good. Start the computer in that mode and....

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.



    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/07/09
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    MBAM scan completed with comment 'no malicious items found'.
    Can't seem to get the actual log saved on the thumb drive for porting to this machine.


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit quick scan 2010-07-09 13:06:09
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwgyakoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device -> \Driver\atapi \Device\Harddisk0\DR0 8A785EC5

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----
     
    Last edited: 2010/07/09
  9. 2010/07/09
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    System running 50% busy, yet no programs running.
    Also can't get the hidden task bar to show when mouse is moved to the lower part of screen. Desktop is black, only showing SAFE MODE in all 4 corners.

    Stopped the AVG processes, still at 50% usage.

    Two sets of SVCHOST.EXE SYSTEM and SVCHOST.EXE NETWORK running
    one occurrence of SVCHOST.EXE LOCAL SERVICE

    and system is frozen.
     
    Last edited: 2010/07/09
  10. 2010/07/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Note. Combofix, listed below, can be run in safe mode, if necessary.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2010/07/10
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    During the ComboFix run msg: Rootkit activity detected. Re-booting system.


    ComboFix 10-07-08.02 - Dan Stout 07/10/2010 5:12.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1439 [GMT -4:00]
    Running from: I:\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: iolo System Shield *On-access scanning disabled* (Outdated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Dan Stout\Application Data\EHEncrypt.dll
    c:\documents and settings\Dan Stout\Application Data\EHMD5.dll
    c:\documents and settings\Dan Stout\Application Data\EHZComp.dll
    c:\documents and settings\Dan Stout\Application Data\inst.exe
    c:\documents and settings\Dan Stout\Application Data\MBSENCRYPTPLUGIN1636.DLL
    c:\documents and settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED.dll
    c:\documents and settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED_1.dll
    c:\documents and settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED_2.dll
    c:\documents and settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED_3.dll
    c:\documents and settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED_4.dll
    c:\documents and settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED_5.dll
    c:\documents and settings\Dan Stout\Application Data\MBSEncryptPlugin1636_AVG_RESTORED_6.dll
    c:\documents and settings\Dan Stout\Application Data\MBSENCRYPTPLUGIN1636_AVG_RESTORED_7.DLL
    c:\documents and settings\Dan Stout\Application Data\MBSFolderitemsCreatePlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\MBSIconPlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\MBSMacOSXPlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED.dll
    c:\documents and settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_1.dll
    c:\documents and settings\Dan Stout\Application Data\MBSMACOSXPLUGIN1635_AVG_RESTORED_10.DLL
    c:\documents and settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_2.dll
    c:\documents and settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_3.dll
    c:\documents and settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_4.dll
    c:\documents and settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_5.dll
    c:\documents and settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_6.dll
    c:\documents and settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_7.dll
    c:\documents and settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_8.dll
    c:\documents and settings\Dan Stout\Application Data\MBSMacOSXPlugin1635_AVG_RESTORED_9.dll
    c:\documents and settings\Dan Stout\Application Data\MBSMainPlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\MBSMemoryPlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\MBSPictureMacPlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\MBSPicturePlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\MBSPluginVersionPlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\MBSProcessPlugin1636.dll
    c:\documents and settings\Dan Stout\Application Data\MBSQTImporterPlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\MBSQuickTimePlugin1636.dll
    c:\documents and settings\Dan Stout\Application Data\MBSRectPlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\MBSRegistrationPlugin1636.dll
    c:\documents and settings\Dan Stout\Application Data\MBSRegistryPlugin1636.dll
    c:\documents and settings\Dan Stout\Application Data\MBSResPlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\MBSResStreamPlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\MBSUsernamePlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\MBSWinPlugin1635.dll
    c:\documents and settings\Dan Stout\Application Data\rbap450.dll
    c:\documents and settings\Dan Stout\Application Data\rbqt450.DLL
    c:\documents and settings\Dan Stout\Application Data\RBShell400.dll
    c:\temp\unins000.dat
    c:\windows\Downloaded Program Files\ODCTOOLS
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete

    ----- BITS: Possible infected sites -----

    hxxp://download.iolo.net
    Infected copy of c:\windows\system32\drivers\amdagp.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
    .

    2010-07-09 17:07 . 2010-07-09 17:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-07-09 17:03 . 2010-07-09 17:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
    2010-07-08 17:01 . 2010-07-08 17:01 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-07-08 17:00 . 2010-07-08 17:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-07-01 14:01 . 2010-07-01 14:01 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-07-01 14:00 . 2010-07-01 14:00 -------- d-----w- c:\program files\NOS
    2010-07-01 14:00 . 2010-07-01 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-06-30 19:14 . 2010-07-09 17:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-27 16:14 . 2010-06-27 16:14 -------- d-----w- c:\documents and settings\Dan Stout\Local Settings\Application Data\V-Safe 100

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-10 09:55 . 2008-05-05 13:33 -------- d-----w- c:\program files\BOINC
    2010-06-09 10:28 . 2008-04-25 00:16 -------- d-----w- c:\program files\RegScrubXP
    2010-06-09 09:56 . 2008-04-25 00:06 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-06 15:04 . 2009-06-24 18:04 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-06-03 12:27 . 2008-05-04 10:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-03 12:27 . 2008-04-25 00:23 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-29 15:43 . 2010-05-07 18:03 256 ----a-w- c:\windows\system32\pool.bin
    2010-05-28 16:59 . 2010-05-28 16:47 -------- d-----w- c:\documents and settings\Dan Stout\Application Data\Download Manager
    2010-05-26 12:49 . 2008-05-01 11:54 20 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
    2010-05-17 12:26 . 2010-05-17 12:26 -------- d-----w- c:\documents and settings\Dan Stout\Application Data\Malwarebytes
    2010-05-17 12:26 . 2010-05-17 12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-17 12:26 . 2010-05-17 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-11 10:57 . 2010-05-11 10:57 -------- d-----w- c:\program files\Speccy
    2010-05-06 10:41 . 2006-09-28 00:01 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2006-09-28 00:01 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 19:39 . 2010-05-17 12:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2010-05-17 12:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-28 15:01 . 2009-10-15 12:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-04-25 14:58 . 2010-04-25 14:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-21 18:54 . 2009-08-21 00:47 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-04-21 18:54 . 2008-05-03 13:04 2316712 ----a-w- c:\windows\system32\Incinerator.dll
    2010-04-20 05:30 . 2006-09-28 00:01 285696 ----a-w- c:\windows\system32\atmfd.dll
    2002-09-11 14:26 . 2008-07-11 15:00 63730 -c--a-w- c:\program files\viewsonicinstruct_xp.pdf
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-09 1576176]
    "Google Update"="c:\documents and settings\Dan Stout\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-14 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-16 864112]
    "SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
    "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

    c:\documents and settings\Dan Stout\Start Menu\Programs\Startup\
    OddATC Client.lnk - c:\windows\Installer\{245603B0-960E-45C7-BCBA-37B4E1BE694C}\_5AB6AF14459EC6F53F541E.exe [2009-4-18 766]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-4-25 118784]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    World Community Grid - BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2008-3-17 3874816]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-09-09 21:19 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-15 13:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/24/2009 2:04 PM 64288]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/4/2008 6:34 AM 216200]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/4/2008 6:34 AM 242896]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/28/2008 10:33 AM 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 55024]
    R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [10/28/2009 6:25 PM 122408]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/15/2010 9:35 AM 308064]
    R2 OddATC Service;OddATC Service;c:\program files\OddATC\OddService.exe [7/29/2007 7:13 PM 61440]
    R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [10/28/2009 6:11 PM 92712]
    R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [10/28/2009 6:11 PM 117288]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]
    S2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [10/28/2009 6:25 PM 1117224]
    S2 hpdj00;hpdj00;c:\docume~1\DANSTO~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 7200 series -product=aio --> c:\docume~1\DANSTO~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 7200 series -product=aio [?]
    S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/3/2008 9:04 AM 704432]
    S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/3/2008 9:04 AM 704432]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/17/2010 8:26 AM 38224]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
    S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [10/28/2009 6:11 PM 113192]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 17:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-06-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:01]

    2010-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

    2010-07-10 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-09-02 20:09]

    2010-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190923490-1477794370-2506951199-1005Core.job
    - c:\documents and settings\Dan Stout\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 12:50]

    2010-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190923490-1477794370-2506951199-1005UA.job
    - c:\documents and settings\Dan Stout\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 12:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.facebook.com/home.php
    LSP: c:\windows\system32\iavlsp.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com
    Trusted Zone: turbotax.com
    TCP: {6885A14A-0459-4B6F-AF59-37FF5321123B} = 4.2.2.2,4.2.2.1
    DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxps://secure.iolo.com/app/ocx/UpgradeVerify.cab
    FF - ProfilePath - c:\documents and settings\Dan Stout\Application Data\Mozilla\Firefox\Profiles\gne80zrv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en|http://www.google.com/firefox?clien...ient=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\Dan Stout\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-10 05:50
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1028)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(1084)
    c:\windows\system32\iavlsp.dll

    - - - - - - - > 'explorer.exe'(2592)
    c:\windows\system32\WININET.dll
    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
    c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\SearchIndexer.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\windows\RTHDCPL.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\program files\BOINC\boinc.exe
    c:\program files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.08_windows_intelx86
    c:\windows\System32\vssvc.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\msdtc.exe
    c:\program files\BOINC\projects\www.worldcommunitygrid.org\wcg_hcc1_img_6.08_windows_intelx86
    c:\windows\system32\SearchProtocolHost.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\windows\system32\SearchFilterHost.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-10 06:05:58 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-10 10:05

    Pre-Run: 437,049,352,192 bytes free
    Post-Run: 436,963,979,264 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 7B5F654CED1A27E54D4390D9D55E2E96
     
    Last edited: 2010/07/10
  12. 2010/07/10
    broni Moderator Malware Analyst
    Looks pretty good :)
    How is your computer doing at the moment?

    Please delete your GMER file, download a fresh one and post a new log.

    Also...

    Download Security Check from HERE, and save it to your Desktop.

    * Double-click SecurityCheck.exe
    * Follow the onscreen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt; please post the contents of that document.
     
  13. 2010/07/10
    pilotgal8 Well-Known Member Thread Starter
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-10 21:16:57
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\DANSTO~1\LOCALS~1\Temp\kwgyakoc.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA17887E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA178BFE]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA1A86F20]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\internet explorer\iexplore.exe[500] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[500] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[500] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[500] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[500] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[500] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[500] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[500] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[500] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[500] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[500] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[500] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[500] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[500] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[768] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[768] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[768] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[768] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[768] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[768] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[768] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[768] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[768] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2376] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2376] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2376] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2376] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2376] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2376] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2376] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2376] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[2376] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\WINDOWS\system32\SearchIndexer.exe[2876] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3420] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[4104] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\internet explorer\iexplore.exe[500] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\internet explorer\iexplore.exe[3420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\internet explorer\iexplore.exe[4104] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\internet explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdePort1 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdePort2 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdePort3 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-19 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-e dvd43llh.sys (dvd43llh.sys/RIF)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
     
  14. 2010/07/10
    pilotgal8 Well-Known Member Thread Starter
    Results of screen317's Security Check version 0.99.4
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    AVG Free 9.0
    iolo technologies' System Mechanic Professional
    Antivirus out of date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date Spybot installed!
    Ad-Aware
    Malwarebytes' Anti-Malware
    CCleaner (remove only)
    EasyCleaner
    Java(TM) 6 Update 19
    Java(TM) 6 Update 5
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Adobe Reader 9.3.3
    Japanese Fonts Support For Adobe Reader 9
    Mozilla Firefox (3.6.4)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe is disabled!
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Unknown. This method cannot test your vulnerability to DNS cache poisoning.

    ``````````End of Log````````````
     
  15. 2010/07/10
    broni Moderator Malware Analyst
    Looks good :)
    You didn't say how the computer is doing....

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.


    Make sure to update AVG.

    I strongly suggest you uninstall System Mechanic Professional. Messing with the registry is not recommended. Here is why: http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

    Update your Java version here: http://www.java.com/en/download/installed.jsp
    Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista/7).

    When done....


    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. 2010/07/11
    pilotgal8 Well-Known Member Thread Starter
    Everything seems OK


    BUT Favorites are not operating. The list is still available, but clicking on one gives no results :(
    Just looked at the machine. I found an AVG message: Threat detected, Trojan Horse Generic 18.VTZ in process c:\Windows\Systems32\svchost

    Moved it to vault

    There was only one IE window open???
     
    Last edited: 2010/07/11
  17. 2010/07/11
    broni Moderator Malware Analyst
    I'm not sure what happened. None of our scanners removed them.

    ??

    Before you run OTL, I'd like you to download a fresh copy of Combofix and post a new log.
     
  18. 2010/07/11
    pilotgal8 Well-Known Member Thread Starter
    ComboFix 10-07-10.02 - Dan Stout 07/11/2010 13:01:32.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1290 [GMT -4:00]
    Running from: c:\documents and settings\Dan Stout\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: iolo System Shield *On-access scanning disabled* (Outdated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete

    ----- BITS: Possible infected sites -----

    hxxp://download.iolo.net
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))
    .

    2010-07-11 09:00 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-09 17:07 . 2010-07-09 17:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-07-09 17:03 . 2010-07-09 17:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
    2010-07-08 17:01 . 2010-07-08 17:01 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-07-08 17:00 . 2010-07-08 17:00 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-07-01 14:01 . 2010-07-01 14:01 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-07-01 14:00 . 2010-07-01 14:00 -------- d-----w- c:\program files\NOS
    2010-07-01 14:00 . 2010-07-01 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-06-30 19:14 . 2010-07-09 17:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-06-27 16:14 . 2010-06-27 16:14 -------- d-----w- c:\documents and settings\Dan Stout\Local Settings\Application Data\V-Safe 100

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-11 17:07 . 2008-05-05 13:33 -------- d-----w- c:\program files\BOINC
    2010-07-11 14:24 . 2009-12-17 19:06 117760 ----a-w- c:\documents and settings\Dan Stout\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-11 09:00 . 2010-07-11 09:00 503808 ----a-w- c:\documents and settings\Dan Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63a204bb-n\msvcp71.dll
    2010-07-11 09:00 . 2010-07-11 09:00 499712 ----a-w- c:\documents and settings\Dan Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63a204bb-n\jmc.dll
    2010-07-11 09:00 . 2010-07-11 09:00 348160 ----a-w- c:\documents and settings\Dan Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-63a204bb-n\msvcr71.dll
    2010-07-11 09:00 . 2010-07-11 09:00 61440 ----a-w- c:\documents and settings\Dan Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-302c1d18-n\decora-sse.dll
    2010-07-11 09:00 . 2010-07-11 09:00 12800 ----a-w- c:\documents and settings\Dan Stout\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-302c1d18-n\decora-d3d.dll
    2010-07-11 08:59 . 2008-04-25 17:48 -------- d-----w- c:\program files\Java
    2010-07-11 08:54 . 2008-04-25 17:47 -------- d-----w- c:\program files\Common Files\Java
    2010-07-10 13:47 . 2008-05-03 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
    2010-07-10 13:45 . 2008-04-25 00:16 -------- d-----w- c:\program files\RegScrubXP
    2010-07-06 19:44 . 2009-08-21 00:47 94384 ----a-w- c:\windows\system32\IncContxMenu.dll
    2010-06-19 20:04 . 2008-07-09 14:10 1539 ----a-w- c:\documents and settings\Dan Stout\Application Data\iolo\restore.bat
    2010-06-09 09:56 . 2008-04-25 00:06 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-06 15:04 . 2009-06-24 18:04 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-06-03 12:27 . 2008-05-04 10:34 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-03 12:27 . 2008-04-25 00:23 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-29 15:43 . 2010-05-07 18:03 256 ----a-w- c:\windows\system32\pool.bin
    2010-05-28 16:59 . 2010-05-28 16:47 -------- d-----w- c:\documents and settings\Dan Stout\Application Data\Download Manager
    2010-05-26 12:49 . 2008-05-01 11:54 20 -c-h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
    2010-05-17 12:26 . 2010-05-17 12:26 -------- d-----w- c:\documents and settings\Dan Stout\Application Data\Malwarebytes
    2010-05-17 12:26 . 2010-05-17 12:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-17 12:26 . 2010-05-17 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-06 10:41 . 2006-09-28 00:01 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2006-09-28 00:01 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 19:39 . 2010-05-17 12:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 19:39 . 2010-05-17 12:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-28 15:01 . 2009-10-15 12:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-04-25 14:58 . 2010-04-25 14:59 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-21 18:54 . 2008-05-03 13:04 2316712 ----a-w- c:\windows\system32\Incinerator.dll
    2010-04-20 20:40 . 2010-05-03 09:52 490408 ----a-w- c:\documents and settings\Dan Stout\Application Data\iolo\IRestartStub.exe
    2010-04-20 05:30 . 2006-09-28 00:01 285696 ----a-w- c:\windows\system32\atmfd.dll
    2002-09-11 14:26 . 2008-07-11 15:00 63730 -c--a-w- c:\program files\viewsonicinstruct_xp.pdf
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
    @="{95A27763-F62A-4114-9072-E81D87DE3B68}"
    [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
    2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
    @="{E300CD91-100F-4E67-9AF3-1384A6124015}"
    [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
    2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
    @="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
    [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
    2009-12-03 21:52 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-09 1576176]
    "Google Update"="c:\documents and settings\Dan Stout\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-14 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-06-16 864112]
    "SetDefPrt"="c:\program files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 49152]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 864256]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-03 2065248]
    "Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-12-03 670864]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-12-09 606208]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

    c:\documents and settings\Dan Stout\Start Menu\Programs\Startup\
    OddATC Client.lnk - c:\windows\Installer\{245603B0-960E-45C7-BCBA-37B4E1BE694C}\_5AB6AF14459EC6F53F541E.exe [2009-4-18 766]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-4-25 118784]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    World Community Grid - BOINC Manager.lnk - c:\program files\BOINC\boincmgr.exe [2008-3-17 3874816]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-09-09 21:19 352256 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-15 13:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/24/2009 2:04 PM 64288]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/4/2008 6:34 AM 216200]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/4/2008 6:34 AM 242896]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/28/2008 10:33 AM 8944]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 10:33 AM 55024]
    R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [10/28/2009 6:25 PM 122408]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/15/2010 9:35 AM 308064]
    R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/3/2008 9:04 AM 704432]
    R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [5/3/2008 9:04 AM 704432]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1352832]
    R2 OddATC Service;OddATC Service;c:\program files\OddATC\OddService.exe [7/29/2007 7:13 PM 61440]
    R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [10/28/2009 6:11 PM 92712]
    R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [10/28/2009 6:11 PM 117288]
    S2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [10/28/2009 6:25 PM 1117224]
    S2 hpdj00;hpdj00;c:\docume~1\DANSTO~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 7200 series -product=aio --> c:\docume~1\DANSTO~1\LOCALS~1\Temp\hpdj00.exe -servicerunning=true -uninstall=HP Officejet 7200 series -product=aio [?]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 10:33 AM 7408]
    S3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [10/28/2009 6:11 PM 113192]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2007-04-19 17:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 15:01]

    2010-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

    2010-07-11 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2009-09-02 20:09]

    2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190923490-1477794370-2506951199-1005Core.job
    - c:\documents and settings\Dan Stout\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 12:50]

    2010-07-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190923490-1477794370-2506951199-1005UA.job
    - c:\documents and settings\Dan Stout\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 12:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.google.com/
    LSP: c:\windows\system32\iavlsp.dll
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com
    Trusted Zone: turbotax.com
    TCP: {6885A14A-0459-4B6F-AF59-37FF5321123B} = 4.2.2.2,4.2.2.1
    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxps://secure.iolo.com/app/ocx/UpgradeVerify.cab
    FF - ProfilePath - c:\documents and settings\Dan Stout\Application Data\Mozilla\Firefox\Profiles\gne80zrv.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en|http://www.google.com/firefox?clien...ient=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\Dan Stout\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-11 13:12
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1012)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(1084)
    c:\windows\system32\iavlsp.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVG\AVG9\avgchsvx.exe
    c:\program files\AVG\AVG9\avgrsx.exe
    c:\program files\AVG\AVG9\avgcsrvx.exe
    c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
    c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\AVG\AVG9\avgnsx.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
    c:\program files\OddATC\ODDWORKER.EXE
    c:\windows\system32\SearchProtocolHost.exe
    c:\windows\system32\SearchFilterHost.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-11 13:22:02 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-11 17:21
    ComboFix2.txt 2010-07-10 10:06

    Pre-Run: 437,032,640,512 bytes free
    Post-Run: 437,073,788,928 bytes free

    - - End Of File - - 1BEC74A027400F31EBD4435B28C3F628
     
  19. 2010/07/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you running two AV programs?
     
  20. 2010/07/11
    pilotgal8 Lifetime Subscription

    pilotgal8 Well-Known Member Thread Starter

    Joined:
    2002/01/07
    Messages:
    459
    Likes Received:
    0
    AVG is active, and iolo is System Mechanic, so I need to remove System Mechanic totally?
     
  21. 2010/07/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'd definitely do so. I see no use for a program like that.

    When done...

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    
    Folder::
    c:\program files\Common Files\Authentium
    
    
    Driver::
    vseqrts
    vseamps
    vsedsps
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
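The CFScript above uses three ComboFix section headers: File:: entries are deleted (here the two qmgr*.dat files, which are the BITS job queue database), Folder:: entries are removed recursively, and Driver:: entries name driver services to be unregistered (the three vse* names belong to the Authentium/Command engine that System Shield installs). The script below is an added example, not ComboFix's own code or the forum's: it parses a CFScript into its sections, sanity-checks each entry, and renders the equivalent Windows command-line actions as a dry run so you can review exactly what a script will touch before handing it to ComboFix. The mapping of sections to commands, the sample script (copied from the post above), and the entry validation rules are my assumptions; ComboFix itself performs the actions internally, not via these commands.

```python
"""Dry-run renderer for ComboFix CFScript sections (File::, Folder::, Driver::).

Added example: parses the script format used in the post above and prints the
equivalent cmd.exe actions without executing anything. The section-to-action
mapping is an assumption about CFScript semantics, not ComboFix's own code.
"""
from __future__ import annotations

import re

# Constructed sample: the CFScript posted in the thread.
SAMPLE_CFSCRIPT = r"""
File::
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

Folder::
c:\program files\Common Files\Authentium

Driver::
vseqrts
vseamps
vsedsps
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")
# Assumed rules: paths must be absolute drive paths; service names must be plain identifiers,
# so a crafted script cannot smuggle shell metacharacters into the rendered commands.
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
SERVICE_RE = re.compile(r"^[A-Za-z0-9_.-]+$")
KNOWN_SECTIONS = {"File", "Folder", "Driver"}


def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Split a CFScript into {section: [entries]} and validate each entry."""
    sections: dict[str, list[str]] = {}
    current: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            if current not in KNOWN_SECTIONS:
                raise ValueError(f"unsupported section: {current}::")
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line!r}")
        if current in ("File", "Folder") and not DRIVE_PATH_RE.match(line):
            raise ValueError(f"{current}:: entry is not an absolute drive path: {line!r}")
        if current == "Driver" and not SERVICE_RE.match(line):
            raise ValueError(f"Driver:: entry is not a plain service name: {line!r}")
        sections[current].append(line)
    return sections


def _quote(path: str) -> str:
    return f'"{path}"' if " " in path else path


def render_commands(sections: dict[str, list[str]]) -> list[str]:
    """Render the equivalent cmd.exe actions, in the order ComboFix sections are listed."""
    cmds: list[str] = []
    for path in sections.get("File", []):
        cmds.append(f"del /f /q {_quote(path)}")
    for path in sections.get("Folder", []):
        cmds.append(f"rmdir /s /q {_quote(path)}")
    for svc in sections.get("Driver", []):
        # A driver service must be stopped before its registration can be deleted.
        cmds.append(f"sc stop {svc}")
        cmds.append(f"sc delete {svc}")
    return cmds


def dry_run(text: str) -> list[str]:
    """Parse and render; never executes anything."""
    return render_commands(parse_cfscript(text))


if __name__ == "__main__":
    for cmd in dry_run(SAMPLE_CFSCRIPT):
        print(cmd)
```

Review the rendered list before running ComboFix with the script: a Folder:: entry that resolves to a Windows system directory, or a Driver:: name that belongs to a storage or filter driver you still need, will be just as destructive in ComboFix as the `rmdir /s /q` or `sc delete` shown here.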