
Solved IE & Firefox Browsers Hijacked

Discussion in 'Malware and Virus Removal Archive' started by Torture, 2010/06/08.

  1. 2010/06/08
    Torture

    Torture Inactive Thread Starter

    [Resolved] IE & Firefox Browsers Hijacked

    Hi. Hope I am doing this correctly. Running Windows XP Home w/ Service Pack 2 on the machine affected. (I am on my known clean laptop at the moment)

    Over the weekend I visited GameCopyWorld.Com (a site that has always seemed relatively safe if you are savvy with computers at all). I was going to look for No-CD patches for Halo 1 (just to run legit copies without CD in drive).

    Well, before I was even able to move very far into the site, I noticed a quick pop-up window that looked like one of the notices you get when opening a PDF file, asking you to update your Adobe Reader to view a file that is in a new format, but I wasn't trying to open any PDF files. It vanished by itself without me clicking anything!

    I immediately closed my internet connection (Verizon Wireless) and closed the browser (Firefox 3.5.5) attempting to stop any rogue from downloading. Thought I was ok.

    Well, immediately I started getting notices from an unknown virus program that I had 43 infections, and it kept telling me all my executable files were infected when I tried to run ANYTHING. I found out pretty quickly, by searching for the name of the FAKE anti-virus program, what it was and that it was likely installed by the Conficker worm virus.

    So I downloaded and used 5 different tools in succession to ensure the worm was removed (after the first one, the rest pretty much stated the virus was not present, so the 1st one must have removed it). But the fake anti-virus program remained. I researched some more and downloaded Malwarebytes, which was stated to deal with this particular program well, and it appears to have removed it just fine.

    NOW it seems that during this giant thrashing I was under, there is still something remaining. When I search Google and click links which appear normal and show as what they state they are when you hover over them with your pointer, the browser apparently begins to load the proper site, but immediately changes the address. It loads something unrelated like "Monster Marketplace.com", "NeXplore.com search engine", "environmentalshop.com search engine", and many other weird search sites and silly non-related search results.

    This is happening with Firefox AND IE browsers. I know I should be keeping my anti-virus up to date and being more diligent with Windows updates, but I have an intermittent signal with Verizon (my only available broadband service) and have been using AVG Free 7.5 for a very long time. I should have upgraded it and many other aspects of my system, but seem to have more problems when I apply updates to Windows than I have when I leave it alone.

    Well, I did update AVG to the Free version 9 and upgraded my ancient Ad-Aware 2007 to 2008. Except for Ad-Aware detecting an infection in a restore point I made after removing the worm and fake AV program, they both show the system as pretty clean now, but the browser hijacker is still there. Here are the 2 required logs I made on the affected system with the DDS tool:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Torrey Gilstrap at 17:32:37.00 on Tue 06/08/2010
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_06
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1532 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Razer\DeathAdder\razerhid.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Razer\DeathAdder\razertra.exe
    C:\Program Files\Razer\DeathAdder\razerofa.exe
    C:\Documents and Settings\Torrey Gilstrap\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
    mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\torrey~1\applic~1\mozilla\firefox\profiles\ufyezjlz.default\
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-6-7 216200]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-6-7 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-6-7 242896]
    R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-7 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-7 308064]
    R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [2008-1-27 54271]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2008-2-3 22144]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [2007-5-10 367744]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-6-7 430152]
    S3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [2009-1-24 132232]
    S4 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\HCWTVS~1.EXE [2008-1-28 815104]

    =============== Created Last 30 ================

    2010-06-07 23:40:32 0 d-----w- c:\program files\common files\Wise Installation Wizard
    2010-06-07 21:49:27 0 d--h--w- C:\$AVG
    2010-06-07 21:38:41 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-07 21:38:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-06-07 21:38:36 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-07 21:38:31 0 d-----w- c:\windows\system32\drivers\Avg
    2010-06-07 21:38:30 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2010-06-07 21:38:15 0 d-----w- c:\program files\AVG
    2010-06-07 21:38:15 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
    2010-06-06 04:48:47 0 d-----w- c:\docume~1\torrey~1\applic~1\Malwarebytes
    2010-06-06 04:46:49 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-06 04:46:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-06 04:46:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-06-05 22:37:53 54156 ---ha-w- c:\windows\QTFont.qfn
    2010-06-05 22:37:53 1409 ----a-w- c:\windows\QTFont.for

    ==================== Find3M ====================

    2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

    ============= FINISH: 17:33:07.50 ===============


    _____________________________________________________________



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/25/2008 7:19:57 PM
    System Uptime: 6/8/2010 4:52:51 PM (1 hours ago)

    Motherboard: MSI | | MS-7280
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | CPU 1 | 2613/200mhz
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+ | CPU 1 | 2613/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 93 GiB total, 75.631 GiB free.
    D: is FIXED (NTFS) - 354 GiB total, 272.121 GiB free.
    E: is FIXED (NTFS) - 19 GiB total, 18.609 GiB free.
    F: is CDROM (UDF)
    G: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&258F370F&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&258F370F&0
    Service: i8042prt

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\12E5794DC1000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\12E5794DC1000
    Service: NIC1394

    ==== System Restore Points ===================

    RP1: 6/6/2010 7:28:13 PM - System Checkpoint
    RP2: 6/6/2010 7:36:06 PM - AfterCleanedConfickerWorm&FakeAntiVirusProgramOut
    RP3: 6/6/2010 8:48:05 PM - Removed AVG 7.5
    RP4: 6/6/2010 8:48:44 PM - Installed AVG 7.5
    RP5: 6/7/2010 5:37:54 PM - Removed Microsoft Visual C++ 2005 Redistributable
    RP6: 6/7/2010 5:38:15 PM - Installed AVG Free 9.0
    RP7: 6/7/2010 5:44:46 PM - Avg Update
    RP8: 6/7/2010 7:40:24 PM - Removed Ad-Aware 2007
    RP9: 6/7/2010 7:41:42 PM - Installed Ad-Aware
    RP10: 6/7/2010 8:18:20 PM - Ad-Aware Restore Point 2010-06-07 20:18:19
    RP11: 6/7/2010 8:46:45 PM - AfterFirstScanWithAdAware2008(Should be relatively clean, it deleted a restore point that was infected.)

    ==== Installed Programs ======================

    Ad-Aware
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 6.0
    Arcade! Classic Arcade Pack
    ATI - Software Uninstall Utility
    ATI Display Driver
    AVG Free 9.0
    BitPim 1.0.6
    Bonjour
    Core Center
    Cottage Of Doom 1.0
    Counter-Strike
    Counter-Strike: Source
    Day of Defeat
    DeathAdder(TM) Mouse
    Deathmatch Classic
    DVDFab Platinum 2.9.7.3
    DVDFab Platinum 4.1.0.2 Ghosthunter release
    eFax Messenger
    FLV Player 2.0 (build 25)
    GB-PVR
    Half-Life
    Half-Life 2
    Half-Life 2: Deathmatch
    Half-Life 2: Lost Coast
    Hauppauge WinTV
    Hauppauge WinTV Radio
    Hauppauge WinTV Scheduler
    Hauppauge WinTV TV Services
    Hauppauge WinTV2000
    High Definition Audio Driver Package - KB888111
    HP USB Disk Storage Format Tool
    Hurrican 1.0.0.4
    InterVideo FilterSDK for Hauppauge
    Java(TM) 6 Update 6
    LG USB Modem driver
    LightScribe System Software 1.12.29.2
    Logitech Harmony Remote Software 7
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0
    Microsoft Halo
    Microsoft Visual C++ 2005 Redistributable
    Mobile Broadband Drivers
    Mozilla Firefox (3.5.5)
    MSXML 4.0 SP2 Parser and SDK
    nanoPEG-Editor 2.6.0 for WinTV
    Nero 7
    neroxml
    Portal
    Quake III Arena
    Quake III Arena Point Release 1.32
    QuickTime
    Realtek High Definition Audio Driver
    Remote Control USB Driver
    RivaTuner v2.06
    Samsung USB Driver (MCCI 4.34) WHQL v3.4
    Sierra Utilities
    Sony Vegas Movie Studio Platinum 8.0
    Sophos confic-a Cleanup Tool
    Steam
    SUPER © Version 2009.bld.35 (Jan 5, 2009)
    Team Fortress 2
    Team Fortress 2 Dedicated Server
    Team Fortress Classic
    Tunatic
    Unreal Tournament
    Update for Windows XP (KB896256)
    VZAccess Manager
    Warcraft III
    WebFldrs XP
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Installer 3.1 (KB893803)
    WinRAR archiver
    WinZip

    ==== Event Viewer Messages From Past Week ========

    6/6/2010 8:39:55 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    6/6/2010 8:39:51 PM, error: Service Control Manager [7034] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s).
    6/6/2010 8:39:51 PM, error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 1 time(s).
    6/6/2010 8:39:51 PM, error: Service Control Manager [7034] - The HID Input Service service terminated unexpectedly. It has done this 1 time(s).
    6/6/2010 8:39:51 PM, error: Service Control Manager [7034] - The Fast User Switching Compatibility service terminated unexpectedly. It has done this 1 time(s).
    6/6/2010 8:39:51 PM, error: Service Control Manager [7034] - The Error Reporting Service service terminated unexpectedly. It has done this 1 time(s).
    6/6/2010 8:39:51 PM, error: Service Control Manager [7034] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s).
    6/6/2010 8:39:51 PM, error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s).
    6/6/2010 8:39:51 PM, error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s).
    6/6/2010 8:39:51 PM, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s).
    6/6/2010 8:39:51 PM, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    6/6/2010 12:24:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    6/5/2010 9:42:42 AM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
    6/5/2010 7:23:55 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    6/5/2010 7:23:55 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
    6/5/2010 3:55:05 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0019DBF6B478 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    6/5/2010 10:05:31 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdK8 Avg7Core Avg7RsW Avg7RsXP Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    6/5/2010 10:05:31 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    6/5/2010 10:05:31 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/5/2010 10:05:31 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/5/2010 10:05:31 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    6/5/2010 10:05:31 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    6/5/2010 10:05:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    6/5/2010 10:05:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    ==== End Of File ===========================


    THANKS!
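The DDS log above is the raw material a helper works from, and the sections that matter for a redirect problem are the Pseudo HJT report (search/start pages, BHOs, Run keys, DPF ActiveX downloads) and the two file listings with their attribute strings. The script below is an added example, not part of the original post and not DDS's own code: a parser for those sections that pulls out the items a reviewer checks first. SAMPLE is a few lines copied from the posted log plus one constructed line (the example.net start page) so the search-target check has something to flag; ALLOWED_SEARCH_HOSTS is an assumption for the demo. A hit from this script means "look at this by hand", not "this is malware".

```python
"""Added example, not part of the original post and not DDS's own code: a
parser for the DDS sections that matter when triaging a browser hijack.
SAMPLE is a few lines copied from the log posted above plus ONE constructed
line (the example.net start page) so the search-target check has something
to flag.  ALLOWED_SEARCH_HOSTS is an assumption for the demo."""
import re
from dataclasses import dataclass
from typing import Dict, List
from urllib.parse import urlparse

SAMPLE = r"""
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uStart Page = hxxp://search.example.net/?q=%s
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
=============== Created Last 30 ================
2010-06-07 21:38:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-05 22:37:53 54156 ---ha-w- c:\windows\QTFont.qfn
==================== Find3M ====================
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
"""
ALLOWED_SEARCH_HOSTS = {"www.google.com"}   # assumption: where this user expects to search

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# "2010-06-07 21:38:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll"
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)$")
RUN_RE = re.compile(r"^(?P<kind>[mu]Run):\s*\[(?P<name>[^\]]+)\]\s*(?P<target>.+)$")
# "BHO: Name: {CLSID} - path" and "DPF: {CLSID} - url" (the name part is optional)
CLSID_RE = re.compile(r"^(?P<kind>[A-Za-z]+):\s*(?:(?P<name>[^{]+?):\s*)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s*-\s*(?P<target>.+)$")
PREF_RE = re.compile(r"^(?P<kind>[mu](?:Search|Start|Default)[^=]*?)\s*=\s*(?P<target>.+)$")


@dataclass
class HjtEntry:
    kind: str      # BHO, DPF, mRun, ... or "pref" for a start/search page (key kept in name)
    name: str
    clsid: str
    target: str


@dataclass
class FileEntry:
    stamp: str
    size: int
    attrs: str     # DDS attribute string, e.g. --sh--r- = system, hidden, read-only
    path: str


def refang(url: str) -> str:
    """DDS writes hxxp:// so the log is not clickable; restore it for parsing only."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log on its '==== Name ====' banners; blank lines are dropped."""
    sections, current = {"preamble": []}, "preamble"
    for line in (raw.strip() for raw in text.splitlines()):
        m = SECTION_RE.match(line)
        if m:
            current = m["name"]
            sections[current] = []
        elif line:
            sections[current].append(line)
    return sections


def parse_hjt(lines: List[str]) -> List[HjtEntry]:
    out = []
    for line in lines:
        if (m := RUN_RE.match(line)):
            out.append(HjtEntry(m["kind"], m["name"], "", m["target"]))
        elif (m := CLSID_RE.match(line)):
            out.append(HjtEntry(m["kind"], (m["name"] or "").strip(), m["clsid"], m["target"]))
        elif (m := PREF_RE.match(line)):
            out.append(HjtEntry("pref", m["kind"], "", m["target"]))
        else:
            out.append(HjtEntry("other", "", "", line))
    return out


def parse_files(lines: List[str]) -> List[FileEntry]:
    return [FileEntry(m[1], int(m[2]), m[3], m[4]) for m in map(FILE_RE.match, lines) if m]


def triage(text: str) -> dict:
    s = parse_sections(text)
    hjt = parse_hjt(s.get("Pseudo HJT Report", []))
    files = parse_files(s.get("Created Last 30", []) + s.get("Find3M", []))
    counts: Dict[str, int] = {}
    for e in hjt:
        counts[e.kind] = counts.get(e.kind, 0) + 1
    search_hits = []
    for e in hjt:
        if e.kind == "pref":   # start/search pages pointing anywhere the user did not choose
            host = urlparse(refang(e.target)).hostname or ""
            if host not in ALLOWED_SEARCH_HOSTS:
                search_hits.append((e.name, host))
    return {
        # system+hidden files inside system32 are unusual enough to be checked by hand
        "hidden_system": [f for f in files if "s" in f.attrs and "h" in f.attrs
                          and f.path.lower().startswith(r"c:\windows\system32")],
        "search_hits": search_hits,
        # where ActiveX controls (DPF) were fetched from
        "dpf_hosts": [urlparse(refang(e.target)).hostname for e in hjt if e.kind == "DPF"],
        "counts": counts,
    }
```

On the sample, `triage(SAMPLE)["hidden_system"]` returns the two Find3M entries with the system+hidden attribute string and `search_hits` returns only the constructed example.net start page; the Google entries from the real log pass. The attribute test is a heuristic that says which files deserve a second look, nothing more.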
     
  2. 2010/06/08
    crunchie

    crunchie Inactive

    I realise you have run it already, but can you please do so again as per the following instructions;


    * Run Malwarebytes' Anti-Malware.
    * Check for any updates using the built-in updater.
    * Once the program has updated, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    Make sure that you restart the computer.

    =================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
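The /md5start ... /md5stop block in the custom scan above makes OTL print the MD5 of every copy of the named drivers it finds under %systemroot%. The point is the comparison that follows: a driver patched in place keeps its name, its location and roughly its size, so only a hash against a known-good copy shows the change. The script below is an added example, not part of the original post and not OTL's own code, doing that comparison by hand. demo() builds a throwaway directory tree from constructed bytes: the driver names are from the post, the file contents and baseline hashes are made up for the demo and are not real Windows hashes.

```python
"""Added example, not part of the original post and not OTL's own code: the
comparison that the /md5start ... /md5stop block in the custom scan above
exists to support.  demo() builds a throwaway tree from CONSTRUCTED bytes;
the file names are from the post, the contents and baseline hashes are made
up for the demo and are not real Windows hashes."""
import hashlib
import os
import tempfile
from typing import Dict, List

DRIVER_NAMES = ["atapi.sys", "iaStor.sys", "nvstor.sys", "AGP440.sys"]  # four of the names in the post


def md5_of(path: str) -> str:
    """Same digest OTL prints; read in chunks so a large driver is not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root: str, names: List[str]) -> Dict[str, List[str]]:
    """Every copy of each wanted name under root, case-insensitively (drivers\\,
    dllcache and ServicePackFiles may all hold one on a real XP box)."""
    wanted = {n.lower(): n for n in names}
    found: Dict[str, List[str]] = {n: [] for n in names}
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            if f.lower() in wanted:
                found[wanted[f.lower()]].append(os.path.join(dirpath, f))
    return found


def check_drivers(root: str, names: List[str], baseline: Dict[str, str]) -> Dict[str, List[str]]:
    """Classify every copy: ok / patched (hash differs from baseline) / missing / unknown (no baseline)."""
    report: Dict[str, List[str]] = {"ok": [], "patched": [], "missing": [], "unknown": []}
    for name, paths in find_copies(root, names).items():
        if not paths:
            report["missing"].append(name)
            continue
        expected = baseline.get(name.lower())
        for path in sorted(paths):
            if expected is None:
                report["unknown"].append(path)      # no reference hash: print it and decide by hand
            elif md5_of(path) == expected:
                report["ok"].append(path)
            else:
                report["patched"].append(path)
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: two intact copies of atapi.sys, an intact AGP440.sys,
    an iaStor.sys with four bytes overwritten, and no nvstor.sys at all."""
    good = {n: (b"MZ constructed driver body " + n.encode()) * 64 for n in DRIVER_NAMES}
    baseline = {n.lower(): hashlib.md5(b).hexdigest() for n, b in good.items()}
    with tempfile.TemporaryDirectory() as root:
        drv = os.path.join(root, "system32", "drivers")
        cache = os.path.join(root, "system32", "dllcache")
        os.makedirs(drv)
        os.makedirs(cache)
        for d in (drv, cache):
            with open(os.path.join(d, "atapi.sys"), "wb") as fh:
                fh.write(good["atapi.sys"])
        with open(os.path.join(drv, "AGP440.sys"), "wb") as fh:
            fh.write(good["AGP440.sys"])
        with open(os.path.join(drv, "iaStor.sys"), "wb") as fh:
            fh.write(good["iaStor.sys"][:-4] + b"\x90\x90\x90\x90")   # same size, different bytes
        return check_drivers(root, DRIVER_NAMES, baseline)


if __name__ == "__main__":
    for bucket, paths in demo().items():
        print(bucket, paths)
```

On a real machine `root` would be C:\WINDOWS and the baseline would be hashes taken from a clean install at the same service-pack level as the patient (SP2 here, per the DDS header), since driver versions differ between service packs. A hash check from user mode is one input, not a verdict: a kernel-mode rootkit that filters file reads can hand a hasher the clean bytes, which is why helpers pair it with tools that read the disk underneath the file system.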


  4. 2010/06/08
    Torture

    Torture Inactive Thread Starter

    Following these instructions now... it will take a while because I have to copy/paste from here to a file and put it on a thumb drive to use on the affected system, since it is tough to surf on the other PC. I am also sharing a USB wireless modem between the 2 machines so I can update the software.

    Here's the Malwarebytes LOG. There was no SHOW RESULTS option. It only popped up the log right after scanning:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4182

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    6/8/2010 8:55:16 PM
    mbam-log-2010-06-08 (20-55-16).txt

    Scan type: Quick scan
    Objects scanned: 126340
    Time elapsed: 3 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  5. 2010/06/08
    Torture

    Torture Inactive Thread Starter

    MWBytes LOG

    Here's the Malwarebytes LOG, but it gave me no option to SHOW RESULTS or a way to check all for removal. There were many tabs, but only things like Update and etc. The log file opened immediately after the scan in Notepad:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4182

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    6/8/2010 8:55:16 PM
    mbam-log-2010-06-08 (20-55-16).txt

    Scan type: Quick scan
    Objects scanned: 126340
    Time elapsed: 3 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ________________________________

    Doing the second part with OTL now... slow going.
     
  6. 2010/06/08
    Torture

    Torture Inactive Thread Starter

    Here are the other two logs from the OTL tool:

    OTL.Txt:

    OTL logfile created on: 6/8/2010 9:31:31 PM - Run 1
    OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Torrey Gilstrap\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 93.16 Gb Total Space | 75.62 Gb Free Space | 81.18% Space Free | Partition Type: NTFS
    Drive D: | 353.98 Gb Total Space | 272.12 Gb Free Space | 76.87% Space Free | Partition Type: NTFS
    Drive E: | 18.62 Gb Total Space | 18.61 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TORREYATHLONX2
    Current User Name: Torrey Gilstrap
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/08 21:16:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Torrey Gilstrap\Desktop\OTL.exe
    PRC - [2010/06/07 17:44:43 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/06/07 17:44:42 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/06/07 17:44:42 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/06/07 17:44:18 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/06/07 17:44:18 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/06/07 17:38:16 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/06/07 17:38:15 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    PRC - [2006/12/06 23:30:42 | 000,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
    PRC - [2006/11/24 17:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
    PRC - [2006/11/22 14:42:44 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
    PRC - [2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/08 21:16:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Torrey Gilstrap\Desktop\OTL.exe
    MOD - [2004/08/04 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    MOD - [2004/08/04 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/07 17:38:16 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/06/07 17:38:15 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2008/05/30 05:52:26 | 000,167,936 | ---- | M] (WelltonWay) [Disabled | Stopped] -- D:\Devnz\GBPVR\GBPVRRecordingService.exe -- (GB-PVR Recording Service)
    SRV - [2007/02/20 16:11:28 | 000,815,104 | ---- | M] (Hauppauge Computer Works) [Disabled | Stopped] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/07 17:44:43 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/06/07 17:44:42 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/06/07 17:38:36 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/21 03:08:00 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2009/08/21 03:08:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2009/08/21 03:08:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2008/01/22 17:38:03 | 002,845,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2007/10/30 14:05:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\RivaTuner v2.06\RivaTuner32.sys -- (RivaTuner32)
    DRV - [2007/10/05 11:19:26 | 000,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
    DRV - [2007/10/05 11:19:26 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
    DRV - [2007/05/10 15:43:40 | 000,367,744 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw18bda.sys -- (hcw18bda)
    DRV - [2007/05/01 17:01:38 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH80C0.sys -- (SaiH80C0)
    DRV - [2007/04/19 11:09:42 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2006/12/28 12:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
    DRV - [2006/11/15 02:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/11/14 16:29:56 | 000,022,144 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
    DRV - [2006/08/14 09:09:48 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2006/06/16 07:56:38 | 000,083,968 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/05/23 16:05:36 | 000,039,936 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
    DRV - [2005/08/17 09:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
    DRV - [2005/08/17 09:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 09:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 09:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2004/08/04 00:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
    DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2001/08/17 13:11:26 | 000,054,271 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10(tm)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
    FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/07 17:45:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/06/07 17:38:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 15:09:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/26 20:59:04 | 000,000,000 | ---D | M]

    [2009/11/26 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Torrey Gilstrap\Application Data\Mozilla\Extensions
    [2008/01/27 18:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Torrey Gilstrap\Application Data\Mozilla\Firefox\Profiles\ufyezjlz.default\extensions
    [2010/06/07 19:26:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
    O4 - HKLM..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe File not found
    O4 - HKLM..\Run: [Openwares LiveUpdate] C:\Program Files\LIVEUPDATE\LiveUpdate.exe (Openwares)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/01/25 20:18:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/01/25 14:59:48 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/08 21:29:36 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Torrey Gilstrap\Desktop\OTL.exe
    [2010/06/07 19:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/06/07 18:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\AVG Security Toolbar
    [2010/06/07 17:49:27 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/06/07 17:38:41 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/06/07 17:38:41 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/06/07 17:38:36 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/06/07 17:38:35 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/06/07 17:38:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/06/07 17:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/06/07 17:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/06/07 17:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/06/06 20:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2010/06/06 19:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/06 19:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/06 00:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Torrey Gilstrap\Application Data\Malwarebytes
    [2010/06/06 00:46:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/06 00:46:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/06 00:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/06/05 19:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\ulmpinywa
    [2010/06/05 19:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\gxlqidlmj
    [2010/04/07 18:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\LIVEUPDATE
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/06/08 21:26:41 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/08 21:26:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/08 21:26:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/08 21:16:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Torrey Gilstrap\Desktop\OTL.exe
    [2010/06/08 21:14:17 | 012,058,624 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\ntuser.dat
    [2010/06/08 21:14:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Torrey Gilstrap\ntuser.ini
    [2010/06/08 20:59:09 | 060,836,474 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/06/08 17:29:01 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\dds.scr
    [2010/06/07 19:41:44 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/06/07 18:16:27 | 000,000,096 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/06/07 18:16:26 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/07 17:44:43 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/06/07 17:44:42 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/06/07 17:38:41 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/06/07 17:38:41 | 000,001,513 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2010/06/07 17:38:36 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/06/07 17:38:35 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/06/06 03:13:43 | 000,002,263 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\Sophos confic-a Cleanup Tool.lnk
    [2010/06/06 00:46:51 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/05 18:37:53 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/06/05 18:37:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2010/06/05 09:07:31 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\default.pls
    [2010/05/31 05:05:10 | 002,645,908 | -H-- | M] () -- C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\IconCache.db
    [2010/05/25 20:02:46 | 000,000,797 | ---- | M] () -- C:\WINDOWS\QIII.INI
    [2010/05/19 20:47:50 | 000,000,513 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\Final Burn Alpha.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/07 18:56:17 | 000,002,316 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI
    [2010/04/07 18:22:01 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\Arcade! Classic Arcade Pack.lnk
    [2010/04/04 12:32:19 | 000,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/04 12:32:19 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/04 12:32:19 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/08 17:32:23 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\dds.scr
    [2010/06/07 19:41:44 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/06/07 17:38:41 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2010/06/07 17:38:35 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/06/07 17:38:31 | 060,836,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/06/06 03:13:30 | 000,002,263 | ---- | C] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\Sophos confic-a Cleanup Tool.lnk
    [2010/06/06 00:46:51 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/05 18:37:53 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2010/06/05 18:37:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2010/05/19 20:47:50 | 000,000,513 | ---- | C] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\Final Burn Alpha.lnk
    [2010/04/07 18:22:01 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\Arcade! Classic Arcade Pack.lnk
    [2009/12/18 20:34:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2009/12/18 20:34:08 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2009/06/28 23:15:22 | 000,000,797 | ---- | C] () -- C:\WINDOWS\QIII.INI
    [2009/06/28 13:41:02 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
    [2009/06/28 13:41:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
    [2009/06/28 13:17:54 | 000,000,456 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2009/05/14 20:04:57 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2009/01/24 00:33:32 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0.Dll
    [2009/01/24 00:33:32 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_0C.dll
    [2009/01/24 00:33:32 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_10.dll
    [2009/01/24 00:33:32 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_0A.dll
    [2009/01/24 00:33:32 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_07.dll
    [2009/01/24 00:33:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_09.dll
    [2009/01/24 00:33:32 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_0402.dll
    [2008/11/15 15:43:01 | 000,000,294 | ---- | C] () -- C:\WINDOWS\n02.ini
    [2008/11/12 21:07:01 | 000,000,132 | ---- | C] () -- C:\WINDOWS\kaillera.ini
    [2008/04/28 14:08:32 | 000,001,055 | ---- | C] () -- C:\WINDOWS\ARCHPR4.INI
    [2008/02/12 15:57:49 | 000,000,406 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
    [2008/02/07 14:11:28 | 000,000,096 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/01/28 15:57:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
    [2008/01/28 15:56:59 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
    [2008/01/28 15:56:59 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/01/28 15:56:03 | 000,002,316 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
    [2008/01/28 15:55:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
    [2008/01/26 22:58:07 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
    [2007/05/01 17:01:36 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_11.dll
    [2006/07/21 16:50:34 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
    [2004/08/04 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
    [2004/08/04 08:00:00 | 000,011,376 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2003/01/09 00:43:06 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2002/10/03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini

    ========== LOP Check ==========

    [2010/06/07 19:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/06/06 20:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2010/06/07 17:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/01/13 15:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
    [2010/01/13 15:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Setup
    [2009/12/18 20:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2008/02/05 13:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2008/04/28 20:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/05/11 20:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/09/28 20:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
    [2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
    [2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
    [2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
    [2004/08/04 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\System32\config\*.sav >
    [2008/01/25 15:04:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/01/25 15:04:11 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/01/25 15:04:11 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
    < End of report >


    EXTRAS.Txt:

    OTL Extras logfile created on: 6/8/2010 9:31:31 PM - Run 1
    OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Torrey Gilstrap\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 93.16 Gb Total Space | 75.62 Gb Free Space | 81.18% Space Free | Partition Type: NTFS
    Drive D: | 353.98 Gb Total Space | 272.12 Gb Free Space | 76.87% Space Free | Partition Type: NTFS
    Drive E: | 18.62 Gb Total Space | 18.61 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: TORREYATHLONX2
    Current User Name: Torrey Gilstrap
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OtsMedia.Surf] -- "D:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf File not found
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\Steam\SteamApps\torture71\team fortress 2\hl2.exe" = D:\Steam\SteamApps\torture71\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
    "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
    "C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:MSI starter -- (Nero AG)
    "C:\Program Files\Common Files\Ahead\Nero Web\SetupXu.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup -- File not found
    "C:\Documents and Settings\Torrey Gilstrap\Local Settings\Temp\Nero Web\SetupXu.exe" = C:\Documents and Settings\Torrey Gilstrap\Local Settings\Temp\Nero Web\SetupXu.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
    "D:\Steam\SteamApps\torture71\team fortress classic\hl.exe" = D:\Steam\SteamApps\torture71\team fortress classic\hl.exe:*:Enabled:Half-Life Launcher -- File not found
    "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime -- (Nero AG)
    "D:\Warcraft III\Warcraft III.exe" = D:\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- (Blizzard Entertainment)
    "D:\Mame32_Kaillera_Netplay\mame32k0.64 Hack 2 kaillera netplay support\mame32k.exe" = D:\Mame32_Kaillera_Netplay\mame32k0.64 Hack 2 kaillera netplay support\mame32k.exe:*:Enabled:mame32k -- ()
    "C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
    "D:\Steam\steam.exe" = D:\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "D:\Steam\SteamApps\torture71\source 2007 dedicated server\srcds.exe" = D:\Steam\SteamApps\torture71\source 2007 dedicated server\srcds.exe:*:Enabled:srcds -- File not found
    "D:\Halo\halo.exe" = D:\Halo\halo.exe:*:Enabled:Halo -- (Microsoft Corporation)
    "D:\UnrealTournament\System\UnrealTournament.exe" = D:\UnrealTournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament -- ()
    "D:\OldHalf-Life\hl.exe" = D:\OldHalf-Life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve, L.L.C.)
    "D:\Quake III Arena\quake3.exe" = D:\Quake III Arena\quake3.exe:*:Enabled:quake3 -- ()
    "C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{048DB60B-5AD7-40D3-ACDA-6E8B233829FA}" = Logitech Harmony Remote Software 7
    "{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
    "{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
    "{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
    "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
    "{29CBFC23-05A7-4286-93B8-BABE29BC1033}" = Nero 7
    "{2c557f98-ef74-4a1e-a856-9df2f633b41f}" = Sophos confic-a Cleanup Tool
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
    "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
    "{8F24606B-AB39-4D2F-9F1F-5D7E71B2C3F8}" = GB-PVR
    "{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
    "{B8E8C8EC-5C22-4B02-9C02-D851262F574C}" = Sony Vegas Movie Studio Platinum 8.0
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{CF8C077A-B467-4C43-8DB5-3A9B94FF9681}" = LightScribe System Software 1.12.29.2
    "{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{DF6DA606-904D-4C18-823F-A4CFC3035E53}" = eFax Messenger
    "{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = DeathAdder(TM) Mouse
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
    "53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "All ATI Software" = ATI - Software Uninstall Utility
    "Arcade! Classic Arcade Pack" = Arcade! Classic Arcade Pack
    "ATI Display Driver" = ATI Display Driver
    "AVG9Uninstall" = AVG Free 9.0
    "Core Center" = Core Center
    "Cottage Of Doom_is1" = Cottage Of Doom 1.0
    "DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.0.2 Ghosthunter release
    "DVDFab Platinum_is1" = DVDFab Platinum 2.9.7.3
    "FLV Player" = FLV Player 2.0 (build 25)
    "Half-Life" = Half-Life
    "Halo" = Microsoft Halo
    "Hauppauge WinTV" = Hauppauge WinTV
    "Hauppauge WinTV Radio" = Hauppauge WinTV Radio
    "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
    "Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
    "Hauppauge WinTV2000" = Hauppauge WinTV2000
    "Hurrican_is1" = Hurrican 1.0.0.4
    "InstallShield_{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
    "nanoPEG-Editor 2.6.0 for WinTV_is1" = nanoPEG-Editor 2.6.0 for WinTV
    "Quake III Arena" = Quake III Arena
    "Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
    "RivaTuner" = RivaTuner v2.06
    "Sierra Utilities" = Sierra Utilities
    "Steam App 10" = Counter-Strike
    "Steam App 20" = Team Fortress Classic
    "Steam App 220" = Half-Life 2
    "Steam App 240" = Counter-Strike: Source
    "Steam App 30" = Day of Defeat
    "Steam App 310" = Team Fortress 2 Dedicated Server
    "Steam App 320" = Half-Life 2: Deathmatch
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 40" = Deathmatch Classic
    "Steam App 400" = Portal
    "Steam App 440" = Team Fortress 2
    "SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
    "Tunatic" = Tunatic
    "UnrealTournament" = Unreal Tournament
    "VZAccess Manager" = VZAccess Manager
    "Warcraft III" = Warcraft III
    "WinRAR archiver" = WinRAR archiver
    "WinZip" = WinZip

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/18/2008 2:05:00 PM | Computer Name = TORREYATHLONX2 | Source = Application Error | ID = 1000
    Description = Faulting application nero.exe, version 7.10.1.2, faulting module unknown,
    version 0.0.0.0, fault address 0x00000000.

    Error - 12/18/2008 2:05:11 PM | Computer Name = TORREYATHLONX2 | Source = Application Error | ID = 1001
    Description = Fault bucket 541247223.

    Error - 12/23/2008 6:16:33 PM | Computer Name = TORREYATHLONX2 | Source = Application Hang | ID = 1002
    Description = Hanging application mame32k.exe, version 0.54.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 12/23/2008 6:16:40 PM | Computer Name = TORREYATHLONX2 | Source = Application Hang | ID = 1001
    Description = Fault bucket 12800764.

    Error - 12/23/2008 6:18:44 PM | Computer Name = TORREYATHLONX2 | Source = Application Error | ID = 1000
    Description = Faulting application mame32k.exe, version 0.54.0.0, faulting module
    unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 12/23/2008 6:18:52 PM | Computer Name = TORREYATHLONX2 | Source = Application Error | ID = 1001
    Description = Fault bucket 21049781.

    Error - 12/23/2008 6:20:59 PM | Computer Name = TORREYATHLONX2 | Source = Application Error | ID = 1000
    Description = Faulting application mame32k.exe, version 0.54.0.0, faulting module
    unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 12/23/2008 6:21:05 PM | Computer Name = TORREYATHLONX2 | Source = Application Error | ID = 1001
    Description = Fault bucket 21049781.

    Error - 12/23/2008 11:23:13 PM | Computer Name = TORREYATHLONX2 | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 1.8.20071.12718, faulting
    module unknown, version 0.0.0.0, fault address 0x02ec31a9.

    Error - 12/24/2008 3:22:27 AM | Computer Name = TORREYATHLONX2 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
    Description = Faulting application vegasmoviestudiope80.exe, version 8.0.0.139,
    stamp 47978217, faulting module unknown, version 0.0.0.0, stamp 00000000, debug?
    0, fault address 0x00000000.

    [ System Events ]
    Error - 6/7/2010 5:46:36 PM | Computer Name = TORREYATHLONX2 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 6/7/2010 7:25:41 PM | Computer Name = TORREYATHLONX2 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 6/7/2010 7:25:41 PM | Computer Name = TORREYATHLONX2 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 6/7/2010 8:44:41 PM | Computer Name = TORREYATHLONX2 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 6/7/2010 8:44:41 PM | Computer Name = TORREYATHLONX2 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 6/8/2010 4:53:43 PM | Computer Name = TORREYATHLONX2 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 6/8/2010 4:53:43 PM | Computer Name = TORREYATHLONX2 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.

    Error - 6/8/2010 8:47:32 PM | Computer Name = TORREYATHLONX2 | Source = ipnathlp | ID = 31008
    Description = The DNS proxy agent was unable to read the local list of name-resolution
    servers
    from the registry. The data is the error code.

    Error - 6/8/2010 9:27:03 PM | Computer Name = TORREYATHLONX2 | Source = Ftdisk | ID = 262189
    Description = The system could not sucessfully load the crash dump driver.

    Error - 6/8/2010 9:27:03 PM | Computer Name = TORREYATHLONX2 | Source = Ftdisk | ID = 262193
    Description = Configuring the Page file for crash dump failed. Make sure there is
    a page file on the boot partition and that is large enough to contain all physical
    memory.


    < End of report >
     
  7. 2010/06/08
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please download JavaRa

    If you get this message:
    Problems with the download? Please use this direct link or try another mirror.

    Select the Direct link download unzip it to your Desktop.

    Double click JavaRa.exe then click Remove Older Versions.

    Follow any prompts; a log will pop up (JavaRa.log) -- please post the contents of this log.

    Next, open JavaRa.exe again, and select Search For Updates.

    Select Update Using Sun Java's Website --> Search, and continue the instructions for downloading and installing the latest Java version. Look for JDK 6 Update 20 (JDK or JRE). On the right, select this one: Download JRE.

    In Vista and Windows 7 run the tool as Administrator.

    =============

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      [2010/06/05 19:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\ulmpinywa
      [2010/06/05 19:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\gxlqidlmj
      
      :Commands
      [emptytemp]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post the log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
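A small triage helper for the OTL entries used in this thread, added here as an example; it is not part of the thread, of OTL, or of the helper's instructions. It parses the bracketed OTL line format (both the fix-script entries in the post above and the PRC/SRV/DRV lines of a Quick Scan log), flags directory entries whose names look machine-generated, like the two Application Data folders the fix above moves, and lists executables whose version info carries no company name, which is what an empty "()" in an OTL log means. The sample lines are constructed after entries in this thread with the account name replaced by "User"; the thresholds in looks_random are assumptions, and the output is a list to verify by hand, not a verdict.

```python
import re
from typing import Dict, List, Optional, Tuple

# One OTL entry, in either of the two forms seen in this thread:
#   [date time | size | attrs | M/C] -- path                          (fix-script form)
#   PRC - [...] (Company) [state] -- path -- (ServiceName) trailing   (Quick Scan form)
ENTRY = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[MC])\]"
    r"(?: \((?P<company>.*?)\)(?= \[| -- ))?"   # lazy match + lookahead copes with nested parens
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.*?)(?: -- \((?P<svc>[^)]*)\).*)?$"
)

VOWELS = set("aeiou")


def parse_otl_line(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Return the named fields of one OTL entry, or None if the line is not an entry."""
    m = ENTRY.match(line.strip())
    return m.groupdict() if m else None


def looks_random(name: str) -> bool:
    """Heuristic (assumed thresholds): all-lowercase alphabetic names of 7-15 letters
    with a vowel share under 25% or a consonant run of 3+ read as machine-generated.
    Expect some false positives; this is a triage filter, not proof of anything."""
    if not (7 <= len(name) <= 15) or not name.isascii() or not name.isalpha() or not name.islower():
        return False
    vowel_share = sum(ch in VOWELS for ch in name) / len(name)
    longest_run = max(len(run) for run in re.findall(r"[^aeiou]+", name))
    return vowel_share < 0.25 or longest_run >= 3


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Walk OTL lines and return (path, reason) pairs worth a closer look."""
    findings: List[Tuple[str, str]] = []
    for raw in lines:
        entry = parse_otl_line(raw)
        if entry is None:
            continue
        path = entry["path"] or ""
        leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
        # 'D' in the attribute column marks a directory entry.
        if "D" in (entry["attrs"] or "") and looks_random(leaf):
            findings.append((path, "random-looking folder name"))
        # In scan lists "()" means the file's version resource names no company.
        if entry["kind"] and entry["company"] == "":
            findings.append((path, "no company name in version info"))
    return findings


# Constructed sample input, modelled on entries in this thread (account name replaced).
SAMPLE_LINES = [
    r"[2010/06/05 19:18:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\ulmpinywa",
    r"[2010/06/05 19:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\gxlqidlmj",
    r"PRC - [2010/06/08 21:16:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe",
    r"PRC - [2006/12/06 23:30:42 | 000,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe",
    r"SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)",
    r"DRV - [2006/11/14 16:29:56 | 000,022,144 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LINES):
        print(f"{reason}: {path}")
```

Running it against the sample lines lists the two folders the fix moves and the two unsigned-looking executables (razerhid.exe and ToolbarBroker.exe), while OTL.exe and dadder.sys pass; a real Quick Scan log can be fed in line by line the same way.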
  8. 2010/06/08
    Torture

    Torture Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    23
    Likes Received:
    0
    Will get this done tomorrow... after 11PM on east coast here, got work in the morning. Thanks, and I will continue this tomorrow afternoon!
     
  9. 2010/06/08
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    I'm on the West coast......................Of Australia. Which East coast are you?
     
  10. 2010/06/09
    Torture

    Torture Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    23
    Likes Received:
    0
    I am on the East coast of the US in South Carolina. Continuing with your instructions right now. Downloading Javara and the rest.
     
  11. 2010/06/09
    Torture

    Torture Inactive Thread Starter

    Joined:
    2010/06/08
    Messages:
    23
    Likes Received:
    0
    Whew... ok got it all done (still having to do a lot of swapping with my thumbdrive and Verizon wireless modem).

    Ran JavaRa and removed older versions. Here's the log it made:

    JavaRa 1.15 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Wed Jun 09 18:54:20 2010

    Found and removed: Software\JavaSoft\Java2D\1.5.0_11

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610006

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610006

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_06

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_06

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610006

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610006

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610006

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160060}

    Found and removed: Software\Classes\JavaPlugin.160_06

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_06

    Found and removed: Software\JavaSoft\Java2D\1.6.0_06

    Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_06

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_06\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_06\bin\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_06.b02\

    ------------------------------------

    Finished reporting.



    I then followed the directions and downloaded the JRE and installed it. Went fine.

    Then I ran OTL, pasted the code you supplied into the Custom Scans/Fixes box, and clicked Run/Fix. It finished, said it needed to reboot, so I let it do so. Here's the log it produced afterwards:

    All processes killed
    ========== OTL ==========
    C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\ulmpinywa folder moved successfully.
    C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\gxlqidlmj folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temporary Internet Files folder emptied: 32768 bytes

    User: Administrator.TORREYATHLONX2
    ->Temp folder emptied: 6515779 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 3223031 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 4693559 bytes
    ->Flash cache emptied: 2608 bytes

    User: Torrey Gilstrap
    ->Temp folder emptied: 1436005672 bytes
    ->Temporary Internet Files folder emptied: 3056194 bytes
    ->Java cache emptied: 3602395 bytes
    ->FireFox cache emptied: 64400336 bytes
    ->Flash cache emptied: 1984472 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2142714 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 31616036 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 799 bytes

    Total Files Cleaned = 1,485.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.5.3 log created on 06092010_192118

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    Finally, I ran OTL again and clicked Quick Scan, and here's the log it produced:

    OTL logfile created on: 6/9/2010 7:27:51 PM - Run 2
    OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Torrey Gilstrap\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 93.16 Gb Total Space | 76.90 Gb Free Space | 82.55% Space Free | Partition Type: NTFS
    Drive D: | 353.98 Gb Total Space | 272.11 Gb Free Space | 76.87% Space Free | Partition Type: NTFS
    Drive E: | 18.62 Gb Total Space | 18.61 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    Drive H: | 1.92 Gb Total Space | 1.30 Gb Free Space | 67.45% Space Free | Partition Type: FAT
    I: Drive not present or media not loaded

    Computer Name: TORREYATHLONX2
    Current User Name: Torrey Gilstrap
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/06/08 21:16:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Torrey Gilstrap\Desktop\OTL.exe
    PRC - [2010/06/07 17:44:43 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
    PRC - [2010/06/07 17:44:42 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2010/06/07 17:44:42 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2010/06/07 17:44:18 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2010/06/07 17:44:18 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/06/07 17:38:16 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2010/06/07 17:38:15 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    PRC - [2006/12/06 23:30:42 | 000,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
    PRC - [2006/11/24 17:24:16 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
    PRC - [2006/11/22 14:42:44 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
    PRC - [2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/06/08 21:16:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Torrey Gilstrap\Desktop\OTL.exe
    MOD - [2004/08/04 08:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    MOD - [2004/08/04 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/07 17:38:16 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/06/07 17:38:15 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2008/07/07 08:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2008/05/30 05:52:26 | 000,167,936 | ---- | M] (WelltonWay) [Disabled | Stopped] -- D:\Devnz\GBPVR\GBPVRRecordingService.exe -- (GB-PVR Recording Service)
    SRV - [2007/02/20 16:11:28 | 000,815,104 | ---- | M] (Hauppauge Computer Works) [Disabled | Stopped] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/06/07 17:44:43 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2010/06/07 17:44:42 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2010/06/07 17:38:36 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/08/21 03:08:00 | 000,024,960 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2009/08/21 03:08:00 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2009/08/21 03:08:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2008/01/22 17:38:03 | 002,845,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2007/10/30 14:05:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\RivaTuner v2.06\RivaTuner32.sys -- (RivaTuner32)
    DRV - [2007/10/05 11:19:26 | 000,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
    DRV - [2007/10/05 11:19:26 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
    DRV - [2007/05/10 15:43:40 | 000,367,744 | ---- | M] (Hauppauge Computer Works, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw18bda.sys -- (hcw18bda)
    DRV - [2007/05/01 17:01:38 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH80C0.sys -- (SaiH80C0)
    DRV - [2007/04/19 11:09:42 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2006/12/28 12:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
    DRV - [2006/11/15 02:34:00 | 004,225,920 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/11/14 16:29:56 | 000,022,144 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
    DRV - [2006/08/14 09:09:48 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
    DRV - [2006/06/16 07:56:38 | 000,083,968 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2006/05/23 16:05:36 | 000,039,936 | ---- | M] (MICRO-STAR INT'L CO., LTD.) [Kernel | On_Demand | Stopped] -- C:\Program Files\MSI\Core Center\RushTop.sys -- (RushTopDevice)
    DRV - [2005/08/17 09:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG CDMA Modem Diagnostic Serial Port (WDM)
    DRV - [2005/08/17 09:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
    DRV - [2005/08/17 09:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
    DRV - [2005/08/17 09:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
    DRV - [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2004/08/04 00:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
    DRV - [2002/07/17 09:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2001/08/17 13:11:26 | 000,054,271 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10(tm)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
    FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/07 17:45:59 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/06/07 17:38:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/05 15:09:03 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/09 19:17:26 | 000,000,000 | ---D | M]

    [2009/11/26 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Torrey Gilstrap\Application Data\Mozilla\Extensions
    [2008/01/27 18:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Torrey Gilstrap\Application Data\Mozilla\Firefox\Profiles\ufyezjlz.default\extensions
    [2010/06/09 19:17:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/09 19:17:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/09 19:17:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/06/09 19:21:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
    O4 - HKLM..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe File not found
    O4 - HKLM..\Run: [Openwares LiveUpdate] C:\Program Files\LIVEUPDATE\LiveUpdate.exe (Openwares)
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/01/25 20:18:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/09 19:21:18 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/06/09 19:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/06/08 21:29:36 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Torrey Gilstrap\Desktop\OTL.exe
    [2010/06/07 19:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2010/06/07 18:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\AVG Security Toolbar
    [2010/06/07 17:49:27 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2010/06/07 17:38:41 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/06/07 17:38:41 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/06/07 17:38:36 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/06/07 17:38:35 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/06/07 17:38:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
    [2010/06/07 17:38:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/06/07 17:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/06/07 17:38:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2010/06/06 20:48:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2010/06/06 19:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/06 19:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/06 00:48:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Torrey Gilstrap\Application Data\Malwarebytes
    [2010/06/06 00:46:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/06/06 00:46:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/06/06 00:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/04/07 18:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\LIVEUPDATE

    ========== Files - Modified Within 90 Days ==========

    [2010/06/09 19:23:23 | 000,000,500 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010/06/09 19:23:14 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/09 19:23:12 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/09 19:23:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/09 19:22:10 | 012,058,624 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\ntuser.dat
    [2010/06/09 19:22:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Torrey Gilstrap\ntuser.ini
    [2010/06/09 19:21:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/06/09 18:35:40 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\JavaRa.zip
    [2010/06/08 21:16:56 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Torrey Gilstrap\Desktop\OTL.exe
    [2010/06/08 20:59:09 | 060,836,474 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/06/08 17:29:01 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\dds.scr
    [2010/06/07 19:41:44 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/06/07 18:16:27 | 000,000,096 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2010/06/07 18:16:26 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/07 17:44:43 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/06/07 17:44:42 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/06/07 17:38:41 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/06/07 17:38:41 | 000,001,513 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2010/06/07 17:38:36 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/06/07 17:38:35 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/06/06 03:13:43 | 000,002,263 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\Sophos confic-a Cleanup Tool.lnk
    [2010/06/06 00:46:51 | 000,000,478 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/05 18:37:53 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2010/06/05 18:37:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2010/06/05 09:07:31 | 000,000,092 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\default.pls
    [2010/05/31 05:05:10 | 002,645,908 | -H-- | M] () -- C:\Documents and Settings\Torrey Gilstrap\Local Settings\Application Data\IconCache.db
    [2010/05/25 20:02:46 | 000,000,797 | ---- | M] () -- C:\WINDOWS\QIII.INI
    [2010/05/19 20:47:50 | 000,000,513 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\Final Burn Alpha.lnk
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/07 18:56:17 | 000,002,316 | ---- | M] () -- C:\WINDOWS\HCWPNP.INI
    [2010/04/07 18:22:01 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\Arcade! Classic Arcade Pack.lnk
    [2010/04/04 12:32:19 | 000,458,340 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/04/04 12:32:19 | 000,392,296 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/04/04 12:32:19 | 000,058,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2010/06/09 18:52:58 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\JavaRa.zip
    [2010/06/08 17:32:23 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\dds.scr
    [2010/06/07 19:41:44 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/06/07 17:38:41 | 000,001,513 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
    [2010/06/07 17:38:35 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
    [2010/06/07 17:38:31 | 060,836,474 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/06/06 03:13:30 | 000,002,263 | ---- | C] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\Sophos confic-a Cleanup Tool.lnk
    [2010/06/06 00:46:51 | 000,000,478 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/06/05 18:37:53 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2010/06/05 18:37:53 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2010/05/19 20:47:50 | 000,000,513 | ---- | C] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\Final Burn Alpha.lnk
    [2010/04/07 18:22:01 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\Torrey Gilstrap\Desktop\Arcade! Classic Arcade Pack.lnk
    [2009/12/18 20:34:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2009/12/18 20:34:08 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2009/06/28 23:15:22 | 000,000,797 | ---- | C] () -- C:\WINDOWS\QIII.INI
    [2009/06/28 13:41:02 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
    [2009/06/28 13:41:02 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\TrackerNET.dll
    [2009/06/28 13:17:54 | 000,000,456 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2009/05/14 20:04:57 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2009/01/24 00:33:32 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0.Dll
    [2009/01/24 00:33:32 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_0C.dll
    [2009/01/24 00:33:32 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_10.dll
    [2009/01/24 00:33:32 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_0A.dll
    [2009/01/24 00:33:32 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_07.dll
    [2009/01/24 00:33:32 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_09.dll
    [2009/01/24 00:33:32 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_0402.dll
    [2008/11/15 15:43:01 | 000,000,294 | ---- | C] () -- C:\WINDOWS\n02.ini
    [2008/11/12 21:07:01 | 000,000,132 | ---- | C] () -- C:\WINDOWS\kaillera.ini
    [2008/04/28 14:08:32 | 000,001,055 | ---- | C] () -- C:\WINDOWS\ARCHPR4.INI
    [2008/02/12 15:57:49 | 000,000,406 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
    [2008/02/07 14:11:28 | 000,000,096 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/01/28 15:57:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
    [2008/01/28 15:56:59 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
    [2008/01/28 15:56:59 | 000,000,135 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/01/28 15:56:03 | 000,002,316 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
    [2008/01/28 15:55:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
    [2008/01/26 22:58:07 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
    [2007/05/01 17:01:36 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC80C0_11.dll
    [2006/07/21 16:50:34 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwxds.dll
    [2004/08/04 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
    [2004/08/04 08:00:00 | 000,011,376 | R--- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2003/01/09 00:43:06 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2002/10/03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini

    ========== LOP Check ==========

    [2010/06/07 19:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/06/06 20:48:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2010/06/07 17:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/01/13 15:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Output
    [2010/01/13 15:56:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eFax Messenger 4.4 Setup
    [2009/12/18 20:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2008/02/05 13:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2008/04/28 20:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/05/11 20:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/09/28 20:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
    < End of report >


    Thanks. Awaiting more directions...
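A note for anyone reading an OTL log like the one above: the lines a removal helper reads first are the O1 hosts entries, the O4 Run values, the O10 Winsock providers, the O20 Winlogon Notify DLLs and the O35/O37 file associations, because those are the load points a browser hijacker or a fake antivirus uses to survive a reboot and to intercept every .exe launch. The script below is example code written for this page; it is not part of the thread and not from OldTimer's OTL. It parses lines in the formats shown in the log above (other OTL line variants are skipped silently) and flags them. The sample input is constructed: the clean lines copy entries from the log, while the 203.0.113.5 hosts entry, the hmkxv Run value and the av.exe exefile association are invented to show what a hit looks like and did not appear in the poster's log.

```python
"""Flag the load points in an OTL log that a removal helper reads first.

Example code written for this page; it is not part of OTL. The sample input
is constructed: clean lines mirror the poster's log, while the 203.0.113.5
hosts entry, the hmkxv Run value and the av.exe association are invented.
"""
import re
from typing import Dict, List

SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 203.0.113.5 www.google.com
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [eFax 4.4] C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe File not found
O4 - HKCU..\Run: [hmkxv] C:\Documents and Settings\user\Local Settings\Temp\hmkxv.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "C:\WINDOWS\av.exe" /start "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

# Line shapes as they appear in the log above; anything else is ignored.
ENTRY = re.compile(r"^(O\d+) - (.*)$")
O1_RE = re.compile(r"^Hosts: (\S+) (\S+)$")
O4_RE = re.compile(r"^(HK\w+)\.\.\\Run: \[(.*?)\] (.*?)(?: \(([^\\()]*)\)| (File not found))$")
O10_RE = re.compile(r"^NameSpace_Catalog5\\Catalog_Entries\\\d+ \[.*?\] - (.*?) \(([^\\()]*)\)$")
O20_RE = re.compile(r"^Winlogon\\Notify\\(\w+): DllName - (\S+) - (.*?) \(([^\\()]*)\)$")
ASSOC_RE = re.compile(r"^(.*?) -- (.*)$")

CLEAN_ASSOC = '"%1" %*'  # the only value comfile/exefile [open] should have
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
USER_WRITABLE = ("\\local settings\\temp\\", "\\temp\\", "\\application data\\", "\\appdata\\")


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return one finding per OTL line worth a second look, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # section headers, blank lines, DRV and file listings
        code, body = m.groups()
        hit = None  # (severity, reason)
        if code == "O1":
            h = O1_RE.match(body)
            if h and h.group(2).lower() not in LOCAL_NAMES:
                hit = ("high", "hosts file redirects %s to %s" % (h.group(2), h.group(1)))
        elif code == "O4":
            r = O4_RE.match(body)
            if r:
                path, company, missing = r.group(3), r.group(4), r.group(5)
                if missing:
                    hit = ("medium", "orphaned Run value, file is gone; remove the value")
                elif not company and any(d in path.lower() for d in USER_WRITABLE):
                    hit = ("high", "executable with no version info started from a user-writable folder")
                elif not company:
                    hit = ("info", "no company in version info; check the file by hand")
        elif code == "O10":
            r = O10_RE.match(body)
            if r:
                hit = ("info", "Winsock namespace provider loaded into every networked process; vendor %s"
                       % (r.group(2) or "unknown"))
        elif code == "O20":
            r = O20_RE.match(body)
            if r:
                hit = ("info", "Winlogon Notify DLL loaded by winlogon.exe at logon; vendor %s"
                       % (r.group(4) or "unknown"))
        elif code in ("O35", "O37"):
            r = ASSOC_RE.match(body)
            if r and r.group(2) != CLEAN_ASSOC:
                hit = ("high", "executable association hijacked, every .exe runs through: %s" % r.group(2))
        if hit:
            findings.append({"code": code, "severity": hit[0], "reason": hit[1], "line": line})
    return findings


def high_findings(log_text: str) -> List[str]:
    """Only the lines that must be fixed, for a quick summary in a reply."""
    return [f["line"] for f in triage(log_text) if f["severity"] == "high"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-6s %-4s %s\n        %s" % (f["severity"], f["code"], f["reason"], f["line"]))
```

Run it on a saved OTL.txt with `triage(open(path).read())`. A high finding is something to fix (a hosts override, an autorun out of a Temp folder, an exefile association that routes every program through another binary, which is how a fake antivirus makes "all your executables infected" appear); an info finding is a load point to verify by vendor, not something to delete on sight, which is why the AVG and Bonjour entries from the log above are listed but not condemned.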
     
  12. 2010/06/09
    crunchie
    Looks ok so far. I need you to see if the problem persists now.
    Will also get you to do an on-line scan.

    Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • In the drop down box labeled Files of type change the type to Text file.
    • Save the file to your Desktop.
    • Copy and paste that information in your next post.
     
  13. 2010/06/10
    Torture
    Problem is still here. Firefox still redirecting (didn't check IE but can if you need me to). Whoa... took over 2 hours on my slow connection for the Kaspersky to update. Started its scan around midnight last night and left it running. Took over an hour to scan it says. Here is the report in TXT format:

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Thursday, June 10, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Thursday, June 10, 2010 01:42:05
    Records in database: 4241739
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\

    Scan statistics:
    Objects scanned: 51190
    Threats found: 5
    Infected objects found: 5
    Suspicious objects found: 0
    Scan duration: 01:01:11


    File name / Threat / Threats count
    D:\Downloads\actkl.exe Infected: not-a-virus:Monitor.Win32.ActualSpy.2301 1
    D:\Downloads\actkl.exe Infected: not-a-virus:Monitor.Win32.ActualSpy.27 1
    D:\Downloads\actkl.exe Infected: not-a-virus:Monitor.Win32.ActualSpy.252 1
    D:\Downloads\archpr.zip Infected: not-a-virus:pSWTool.Win32.AdvancedPR.c 1
    D:\DVDFab Platinum 4\DVDFabPlatinum.exe Infected: Trojan.Win32.Agent.dexh 1

    Selected area has been scanned.


    Awaiting more help... thank you!
     
  14. 2010/06/10
    crunchie
    You need to delete those entries found by kaspersky.

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

    ==

    Let me know if the problem persists and if IE has the problem too.
     
  15. 2010/06/10
    Torture
    Those entries Kaspersky found have been deleted and removed from Recycle Bin. Running the program on infected pc now. Will post results soon. Thanks!
     
  16. 2010/06/10
    Torture
    Both IE AND Firefox are still doing it, but sometimes they will let me go to the links fine for a few clicks, then it starts doing it. Oddly Firefox seems to never do it on sites like CNET and Yahoo Answers. Here's the LOG from the last program you told me to use:

    GooredFix by jpshortstuff (08.01.10.1)
    Log created at 18:16 on 10/06/2010 (Torrey Gilstrap)
    Firefox version 3.5.5 (en-US)

    ========== GooredScan ==========

    (none)

    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [22:48 27/01/2008]
    {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} [14:23 10/06/2008]
    {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [23:17 09/06/2010]

    C:\Documents and Settings\Torrey Gilstrap\Application Data\Mozilla\Firefox\Profiles\ufyezjlz.default\extensions\
    (none)

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG9\Firefox" [21:38 07/06/2010]
    "avg@igeared"="C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared" [21:38 07/06/2010]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [23:17 09/06/2010]

    -=E.O.F=-


    Thanks again, and sorry this takes a bit of time!
     
  17. 2010/06/10
    crunchie
    No worries about the time taken. Slow and steady and all that :).

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
    Last edited: 2010/06/10
  18. 2010/06/10
    Torture
    Would DDS or OTL give you a comparable HJT log? I don't think you gave me a link to the HJT program yet, but I have seen all the other posts asking people to run it. Running Combofix as per your instructions (BTW: My infected pc is acting slightly slow to respond and appears to have frozen once or twice on me this evening). Hope it's not getting worse from all my tinkering the past couple days.

    EDIT:

    OK. Ran ComboFix (it had to download Microsoft Recovery System I think it was, so I attached the wireless modem and allowed it to), then it scanned, rebooted once I think, and went through about 50 "Phases". It for some reason removed my Razer gaming mouse drivers from running processes. Odd, but I can fix that later if needed. Here is the ComboFix log:

    ComboFix 10-06-10.03 - Torrey Gilstrap 06/10/2010 23:10:54.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1574 [GMT -4:00]
    Running from: c:\documents and settings\Torrey Gilstrap\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Torrey Gilstrap\Application Data\inst.exe

    Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((( Files Created from 2010-05-11 to 2010-06-11 )))))))))))))))))))))))))))))))
    .

    2010-06-09 23:21 . 2010-06-09 23:21 -------- d-----w- C:\_OTL
    2010-06-09 23:17 . 2010-06-09 23:17 503808 ----a-w- c:\documents and settings\Torrey Gilstrap\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-56bf015e-n\msvcp71.dll
    2010-06-09 23:17 . 2010-06-09 23:17 499712 ----a-w- c:\documents and settings\Torrey Gilstrap\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-56bf015e-n\jmc.dll
    2010-06-09 23:17 . 2010-06-09 23:17 348160 ----a-w- c:\documents and settings\Torrey Gilstrap\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-56bf015e-n\msvcr71.dll
    2010-06-09 23:17 . 2010-06-09 23:17 61440 ----a-w- c:\documents and settings\Torrey Gilstrap\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-74c3346a-n\decora-sse.dll
    2010-06-09 23:17 . 2010-06-09 23:17 12800 ----a-w- c:\documents and settings\Torrey Gilstrap\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-74c3346a-n\decora-d3d.dll
    2010-06-09 23:17 . 2010-06-09 23:17 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-07 23:40 . 2010-06-07 23:40 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-06-07 23:29 . 2010-04-19 14:25 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2010-06-07 22:26 . 2010-06-07 22:26 -------- d-----w- c:\documents and settings\Torrey Gilstrap\Local Settings\Application Data\AVG Security Toolbar
    2010-06-07 21:49 . 2010-06-07 21:49 -------- d-----w- C:\$AVG
    2010-06-07 21:44 . 2010-06-07 21:44 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
    2010-06-07 21:44 . 2010-06-07 21:44 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-06-07 21:38 . 2010-06-07 21:44 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-07 21:38 . 2010-06-07 21:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-06-07 21:38 . 2010-06-07 21:38 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-07 21:38 . 2010-06-07 21:44 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-06-07 21:38 . 2010-06-10 13:52 -------- d-----w- c:\windows\system32\drivers\Avg
    2010-06-07 21:38 . 2010-06-07 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2010-06-07 21:38 . 2010-06-07 21:38 -------- d-----w- c:\program files\AVG
    2010-06-07 21:38 . 2010-06-07 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-06-07 00:48 . 2010-06-07 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg7
    2010-06-06 07:13 . 2010-06-06 07:13 65536 ----a-r- c:\documents and settings\Torrey Gilstrap\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2010-06-06 07:13 . 2010-06-06 07:13 65536 ----a-r- c:\documents and settings\Torrey Gilstrap\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\gui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
    2010-06-06 07:13 . 2010-06-06 07:13 65536 ----a-r- c:\documents and settings\Torrey Gilstrap\Application Data\Microsoft\Installer\{2c557f98-ef74-4a1e-a856-9df2f633b41f}\ARPPRODUCTICON.exe
    2010-06-06 05:00 . 2010-06-06 05:00 -------- d-----w- c:\documents and settings\Administrator.TORREYATHLONX2\Application Data\Malwarebytes
    2010-06-06 04:48 . 2010-06-06 04:48 -------- d-----w- c:\documents and settings\Torrey Gilstrap\Application Data\Malwarebytes
    2010-06-06 04:46 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-06-06 04:46 . 2010-06-06 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-06-06 04:46 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-06-06 04:24 . 2010-06-06 04:24 -------- d-----w- c:\documents and settings\Administrator.TORREYATHLONX2\Local Settings\Application Data\Mozilla
    2010-06-06 04:24 . 2010-06-06 04:24 12328 ----a-w- c:\documents and settings\Administrator.TORREYATHLONX2\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-10 22:05 . 2008-04-30 01:17 -------- d-----w- c:\documents and settings\Torrey Gilstrap\Application Data\Vso
    2010-06-10 22:05 . 2008-04-30 01:17 47360 ----a-w- c:\documents and settings\Torrey Gilstrap\Application Data\pcouffin.sys
    2010-06-10 22:05 . 2008-04-30 01:17 47360 ----a-w- c:\documents and settings\Torrey Gilstrap\Application Data\pcouffin.sys
    2010-06-10 22:05 . 2008-02-12 19:03 -------- d-----w- c:\program files\DVDFab Platinum
    2010-06-09 23:53 . 2008-01-28 19:56 -------- d-----w- c:\program files\WinTV
    2010-06-09 23:18 . 2008-06-10 14:20 -------- d-----w- c:\program files\Common Files\Java
    2010-06-09 23:17 . 2008-06-10 14:23 -------- d-----w- c:\program files\Java
    2010-06-09 23:02 . 2010-04-07 22:22 -------- d-----w- c:\program files\LIVEUPDATE
    2010-06-07 23:41 . 2008-01-28 00:16 -------- d-----w- c:\program files\Lavasoft
    2010-06-07 23:39 . 2008-01-28 00:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-05-12 00:38 . 2008-04-29 00:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2006-05-03 10:06 . 2009-05-15 00:01 163328 --sh--r- c:\windows\system32\flvDX.dll
    2007-02-21 11:47 . 2009-05-15 00:01 31232 --sh--r- c:\windows\system32\msfDX.dll
    2008-03-16 13:30 . 2009-05-15 00:01 216064 --sh--r- c:\windows\system32\nbDX.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C} "= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DeathAdder "= "c:\program files\Razer\DeathAdder\razerhid.exe" [2006-12-07 159744]
    "QuickTime Task "= "c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
    "Openwares LiveUpdate "= "c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
    "SunJavaUpdateSched "= "c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-06-07 21:38 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @= "Service "

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CoreCenter.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\CoreCenter.lnk
    backup=c:\windows\pss\CoreCenter.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Torrey Gilstrap^Start Menu^Programs^Startup^GB-PVR Tray.lnk]
    path=c:\documents and settings\Torrey Gilstrap\Start Menu\Programs\Startup\GB-PVR Tray.lnk
    backup=c:\windows\pss\GB-PVR Tray.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2004-08-04 06:06 1667584 --sh--w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2008-03-29 03:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2006-11-14 09:21 16270848 ------r- c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
    2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-02-21 20:55 1217872 ----a-w- d:\steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv "=2 (0x2)
    "LightScribeService "=2 (0x2)
    "iPod Service "=3 (0x3)
    "HauppaugeTVServer "=3 (0x3)
    "Apple Mobile Device "=2 (0x2)
    "aawservice "=2 (0x2)
    "GB-PVR Recording Service "=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "d:\\Steam\\SteamApps\\torture71\\team fortress 2\\hl2.exe "=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe "=
    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe "=
    "d:\\Warcraft III\\Warcraft III.exe "=
    "d:\\Mame32_Kaillera_Netplay\\mame32k0.64 Hack 2 kaillera netplay support\\mame32k.exe "=
    "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe "=
    "d:\\Steam\\steam.exe "=
    "d:\\Halo\\halo.exe "=
    "d:\\UnrealTournament\\System\\UnrealTournament.exe "=
    "d:\\OldHalf-Life\\hl.exe "=
    "d:\\Quake III Arena\\quake3.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe "=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe "=

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/7/2010 5:38 PM 216200]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/7/2010 5:38 PM 242896]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/7/2010 5:38 PM 916760]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/7/2010 5:38 PM 308064]
    R3 BCM42XX;Broadcom iLine10(tm) Network Adapter Driver;c:\windows\system32\drivers\bcm42xx5.sys [1/27/2008 1:03 AM 54271]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2/3/2008 1:40 AM 22144]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;c:\windows\system32\drivers\hcw18bda.sys [5/10/2007 3:43 PM 367744]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [6/7/2010 5:38 PM 430152]
    S3 SaiH80C0;SaiH80C0;c:\windows\system32\drivers\SaiH80C0.sys [1/24/2009 12:33 AM 132232]
    S4 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [1/28/2008 3:57 PM 815104]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2008-01-24 17:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    FF - ProfilePath - c:\documents and settings\Torrey Gilstrap\Application Data\Mozilla\Firefox\Profiles\ufyezjlz.default\
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-eFax 4.4 - c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
    MSConfigStartUp-iTunesHelper - d:\itunes\iTunesHelper.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1120)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-06-10 23:14:14
    ComboFix-quarantined-files.txt 2010-06-11 03:14

    Pre-Run: 91,335,716,864 bytes free
    Post-Run: 91,429,261,312 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

    - - End Of File - - AAFFD3341B91DC9557812B927F4E6DBA


    OK. I downloaded HJT from this page: http://test.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    I will run it on the infected pc and post the log in a few minutes I hope. THANKS!

    EDIT!
    I downloaded version 2.0.4 HJT Installer from here: http://free.antivirus.com/hijackthis/ since I saw Broni recommend that link in another message and will use that instead. Sorry.
     
    Last edited: 2010/06/10
  19. 2010/06/10
    Torture

    Torture Inactive Thread Starter

    Here's the HJT log. I ran this with my AVGFree 9 resident antivirus and link scanner disabled still in case it matters:


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:58:18 PM, on 6/10/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe "
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 4728 bytes
     
  20. 2010/06/10
    crunchie

    crunchie Inactive

    Run Hijackthis again and do another scan. Place a tick in the box to the left of the following entry:

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555

    Now, close all browser windows and then click Fix checked in Hijackthis.

    Reboot your pc and see if the problem remains.
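    A defender's check for the setting singled out above, added here as an example that is not part of this thread and is not code from HijackThis or ComboFix: a small Python parser that reads the ProxyServer lines both tools print and flags a proxy pointing at the loopback interface (the 127.0.0.1:5555 pattern in the logs) or at any host not on an expected list. The function names and the proxy.corp.example host are assumptions made for the example; the sample lines are constructed, with the two 127.0.0.1:5555 entries copied from the logs in this thread.

```python
import re
from ipaddress import ip_address

# Constructed sample lines in the HijackThis "R1" and ComboFix "uInternet Settings"
# formats seen in this thread. The 127.0.0.1:5555 entries mirror the thread's own
# log lines; proxy.corp.example is a made-up placeholder for a legitimate proxy.
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.corp.example:8080
"""

# Matches the value part of any "ProxyServer = ..." line, whatever the tool's prefix.
PROXY_LINE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S.*?)\s*$")

# One WinINET proxy entry: optional "scheme=" prefix, then host (or [ipv6]) and port.
ENTRY = re.compile(r"^(?:(?P<scheme>[a-z]+)=)?(?P<host>\[[^\]]+\]|[^:]+):(?P<port>\d+)$")


def parse_proxy_server(value):
    """Split a WinINET ProxyServer value into (scheme, host, port) tuples.

    WinINET accepts either "host:port" (applies to all protocols, scheme=None)
    or a ';'-separated list such as "http=h1:p1;https=h2:p2".
    """
    entries = []
    for part in value.split(";"):
        m = ENTRY.match(part.strip())
        if not m:
            continue  # empty or unparseable fragment; nothing to report for it
        host = m.group("host").strip("[]")
        entries.append((m.group("scheme"), host, int(m.group("port"))))
    return entries


def is_loopback(host):
    """True for localhost or any loopback address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a hostname, not an IP literal
        return False


def find_suspicious_proxies(log_text, expected_hosts=frozenset()):
    """Scan log lines for ProxyServer settings and return findings as
    (line_number, scheme, host, port, reason) tuples.

    A loopback proxy is flagged unconditionally: nothing should be listening
    on 127.0.0.1 unless the user knowingly runs local proxy software, and a
    hijacker that does so sees every request the browser makes. Any other
    host is flagged unless the caller lists it as an expected proxy.
    """
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = PROXY_LINE.search(line)
        if not m:
            continue
        for scheme, host, port in parse_proxy_server(m.group("value")):
            if is_loopback(host):
                findings.append((lineno, scheme, host, port, "loopback proxy"))
            elif host not in expected_hosts:
                findings.append((lineno, scheme, host, port, "unexpected proxy host"))
    return findings


if __name__ == "__main__":
    for lineno, scheme, host, port, reason in find_suspicious_proxies(
        SAMPLE_LOG, expected_hosts={"proxy.corp.example"}
    ):
        print(f"line {lineno}: {reason}: {scheme or 'all'} -> {host}:{port}")
```

    A loopback proxy on a machine with no local proxy software installed hands every request from IE, and from a Firefox set to use the system proxy settings, to whatever process listens on that port, which is how one registry value can affect both browsers. Fixing the R1 entry in HijackThis clears the value; the check above writes the same judgement down so it can be rerun on later logs.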
     
  21. 2010/06/10
    Torture

    Torture Inactive Thread Starter

    Done as you instructed. Waiting on reboot now. Will have to swap my modem into infected pc to attempt using the browsers. BRB with the results. Thanks as always.
     
