
Solved Personal Internet Security virus

Discussion in 'Malware and Virus Removal Archive' started by T&S, 2011/02/03.

  1. 2011/02/03
    T&S (Well-Known Member, Thread Starter)

    [Resolved] Personal Internet Security virus

    After successfully removing the Personal Internet Security virus (hopefully), I can no longer get IE8 to run except in Safe Mode.

    Here's what I have done: followed Bleeping Computer's instructions for removal of PIS and followed up with Malwarebytes. PIS won't let my AVG run anymore, so I had to reinstall it and run it. AVG found several problems and quarantined them. Now Spybot has more (in the process of removing them).

    I am able to update all AV programs, but not connect to the internet through IE8 except in Safe Mode.

    Any suggestions while I wait for Spybot to finish?

    T&S, #1
  2. 2011/02/03
    PeteC (SuperGeek, Staff)

    Please read this as indicated at the head of the forum and post the logs requested in this thread.

  3. 2011/02/03
    T&S (Well-Known Member, Thread Starter)

    Personal Internet Security Virus

    Sorry. I think this is everything. Thanks for your help.

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5667

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    2/3/2011 9:14:15 AM
    mbam-log-2011-02-03 (09-14-15).txt

    Scan type: Full scan (C:\|D:\|E:\|)
    Objects scanned: 280440
    Time elapsed: 1 hour(s), 46 minute(s), 44 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 16
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 (Security.Hijack) -> Value: 0 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Value: 1 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 (Security.Hijack) -> Value: 2 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Value: 3 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Value: 4 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 (Security.Hijack) -> Value: 5 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 (Security.Hijack) -> Value: 6 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 (Security.Hijack) -> Value: 7 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 (Security.Hijack) -> Value: 8 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 (Security.Hijack) -> Value: 9 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 (Security.Hijack) -> Value: 10 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 (Security.Hijack) -> Value: 11 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 (Security.Hijack) -> Value: 12 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 (Security.Hijack) -> Value: 13 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 (Security.Hijack) -> Value: 14 -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 (Security.Hijack) -> Value: 15 -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 148):

    Processes (total 58):

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800VE-75HDT1, Rev: 11.07D11

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 693F9ADCDAC5860A7960F13D1FACD10AE3DDB257

    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-02-03 14:43:47
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800VE-75HDT1 rev.11.07D11
    Running: GMER.exe; Driver: C:\DOCUME~1\Josh\LOCALS~1\Temp\pwdoapoc.sys

    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF765D6C0]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF765D770]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF765D810]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF765D8B0]

    ---- Kernel code sections - GMER 1.0.15 ----

    C:\Program Files\CyberLink\PowerDVD8\000.fcl entry point in " " section [0xEDD6441C]
    .clc C:\Program Files\CyberLink\PowerDVD8\000.fcl unknown last code section [0xEDD65000, 0x1000, 0xE0000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Josh at 14:58:03.65 on Thu 02/03/2011
    Internet Explorer: 6.0.2900.2180
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.385 [GMT -6:00]

    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Personal Internet Security 2011 *Enabled/Updated* {088E7AD5-BF3B-4EC9-BA22-3AB40FAD99F6}
    FW: Personal Internet Security 2011 *Enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\BroadJump\Client Foundation\CFD.exe
    C:\Program Files\Cyberlink\Shared Files\brs.exe
    C:\Program Files\Broadcom\BACS\BacsTray.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgchsvx.exe
    C:\Program Files\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    E:\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/mpfplus/en-us/redir.asp?affid=105-58&installtype=force&dtag=7rs1w81&systempopup=true
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:25433
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - No File
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5CA3D70E-1895-11CF-8E15-001234567890} - No File
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
    BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No File
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
    TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    uRun: [Spyware Doctor with AntiVirus] c:\documents and settings\josh\desktop\sdasetup[1].exe -min
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [tgcmd] "c:\program files\support.com\bellsouth\hcenter.exe" /starthidden /tgcmdwrapper
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [SiteAdvisor] c:\program files\siteadvisor\6066\SiteAdv.exe
    mRun: [RemoteControl8] "c:\program files\cyberlink\powerdvd8\PDVD8Serv.exe "
    mRun: [RelevantKnowledge] c:\program files\relevantknowledge\rlvknlg.exe -boot
    mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe "
    mRun: [PDVD8LanguageShortcut] "c:\program files\cyberlink\powerdvd8\language\Language.exe "
    mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
    mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe "
    mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [BJCFD] c:\program files\broadjump\client foundation\CFD.exe
    mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
    mRun: [bacstray] c:\program files\broadcom\bacs\\BacsTray.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [ATT-SST_McciTrayApp] "c:\program files\att-sst\McciTrayApp.exe "
    mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe "
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    StartupFolder: c:\documents and settings\josh\start menu\programs\startup\CurseClientStartup.ccip
    StartupFolder: c:\docume~1\josh\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    uPolicies-explorer: DisallowRun = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: motive.com\patttbc.att
    Trusted Zone: turbotax.com
    Trusted Zone: musicmatch.com\online
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/armhelper.ocx
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
    AppInit_DLLs: c:\program, files\relevantknowledge\rlai.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - No File
    IFEO: image file execution options - svchost.exe
    IFEO: OLT.exe - svchost.exe
    Hosts: 127.0.0.1 www.spywareinfo.com
    Hosts: 204.152.194.148 www.google.com
    Hosts: 204.152.194.148 google.com
    Hosts: 204.152.194.148 google.com.au
    Hosts: 204.152.194.148 www.google.com.au

    Note: multiple HOSTS entries found. Please refer to Attach.txt

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 AvgLdx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
    R1 AvgMfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 AvgTdiX;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\cyberlink\powerdvd8\000.fcl [2008-6-27 61424]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
    S2 avg9emc;AVG Free E-mail Scanner; "c:\program files\avg\avg9\avgemc.exe" --> c:\program files\avg\avg9\avgemc.exe [?]
    S2 avg9wd;AVG Free WatchDog; "c:\program files\avg\avg9\avgwdsvc.exe" --> c:\program files\avg\avg9\avgwdsvc.exe [?]
    S2 gupdate1c9ace2f6fce508;Google Update Service (gupdate1c9ace2f6fce508);c:\program files\google\update\GoogleUpdate.exe [2009-3-24 133104]
    S2 LxrSII1d;Secure II Driver;\??\c:\windows\system32\drivers\lxrsii1d.sys --> c:\windows\system32\drivers\LxrSII1d.sys [?]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-1-25 517448]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-7-12 206072]
    S3 WTDownloadService;WTDownloadService; "c:\program files\wildtangent games\app\downloadservice.exe" --> c:\program files\wildtangent games\app\DownloadService.exe [?]
    S4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

    =============== Created Last 30 ================

    2011-01-26 22:59:44 -------- d-----w- c:\docume~1\josh\applic~1\AVG10
    2011-01-26 22:53:44 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-01-26 20:07:33 73728 -c--a-w- c:\windows\system32\dllcache\ehresja.dll
    2011-01-26 20:07:33 69632 -c--a-w- c:\windows\system32\dllcache\ehresko.dll
    2011-01-26 20:07:32 69632 -c--a-w- c:\windows\system32\dllcache\ehresfr.dll
    2011-01-26 20:07:31 69632 -c--a-w- c:\windows\system32\dllcache\ehresde.dll
    2011-01-26 20:07:16 61440 -c--a-w- c:\windows\system32\dllcache\ehreschs.dll
    2011-01-26 20:05:59 18944 -c--a-w- c:\windows\system32\dllcache\simptcp.dll
    2011-01-26 20:04:57 7680 -c--a-w- c:\windows\system32\dllcache\migregdb.exe
    2011-01-26 20:03:59 7168 -c--a-w- c:\windows\system32\dllcache\f3ahvoas.dll
    2011-01-26 20:02:55 68608 -c--a-w- c:\windows\system32\dllcache\isatq.dll
    2011-01-26 19:55:25 -------- d-----w- c:\program files\Online Services
    2011-01-26 19:55:07 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2011-01-26 19:55:07 16384 ----a-w- c:\program files\internet explorer\connection wizard\isignup.exe
    2011-01-26 19:54:26 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
    2011-01-26 19:54:26 32768 ----a-w- c:\program files\internet explorer\connection wizard\icwdl.dll
    2011-01-26 19:54:25 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
    2011-01-26 19:54:25 86016 ----a-w- c:\program files\internet explorer\connection wizard\icwconn2.exe
    2011-01-26 19:54:25 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
    2011-01-26 19:54:25 214528 ----a-w- c:\program files\internet explorer\connection wizard\icwconn1.exe
    2011-01-26 19:54:25 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
    2011-01-26 19:54:25 20480 ----a-w- c:\program files\internet explorer\connection wizard\inetwiz.exe
    2011-01-26 19:38:49 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-01-26 19:38:49 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-01-26 19:38:48 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-01-26 19:38:48 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-01-26 14:24:46 -------- d-----w- c:\windows\dell
    2011-01-26 04:32:52 -------- d-----w- c:\program files\common files\PC Tools
    2011-01-26 03:41:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
    2011-01-26 03:00:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
    2011-01-26 00:45:24 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2011-01-26 00:42:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
    2011-01-26 00:17:59 -------- d-----w- c:\docume~1\josh\applic~1\AVG8
    2011-01-25 23:30:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2011-01-25 22:51:43 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\PIZAMPS
    2011-01-25 22:50:44 -------- d-sh--w- c:\docume~1\alluse~1\applic~1\080774
    2011-01-15 19:52:55 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2011-01-13 20:09:11 -------- d-----w- c:\program files\LucasArts
    2011-01-12 18:22:47 -------- d-----w- c:\program files\Maxis
    2011-01-11 22:30:24 -------- d-----w- c:\program files\EA Games
    2011-01-11 18:56:58 -------- d-----w- c:\program files\SimTheme Park
    2011-01-08 00:21:33 -------- d-----w- c:\docume~1\josh\locals~1\applic~1\Buried In Time
    2011-01-08 00:21:31 -------- d-----w- c:\docume~1\alluse~1\applic~1\Buried In Time

    ==================== Find3M ====================

    2010-11-29 23:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 23:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ============= FINISH: 14:59:59.60 ===============




    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/26/2011 2:07:38 PM
    System Uptime: 2/3/2011 12:35:29 PM (3 hours ago)

    Motherboard: Dell Inc. | |
    Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1728/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 70 GiB total, 29.631 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 2915ABG Network Connection
    Device ID: PCI\VEN_8086&DEV_4223&SUBSYS_10208086&REV_05\4&2FA23535&0&18F0
    Manufacturer: Intel(R) Corporation
    Name: Intel(R) PRO/Wireless 2915ABG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4223&SUBSYS_10208086&REV_05\4&2FA23535&0&18F0
    Service: w29n51

    ==== System Restore Points ===================

    RP1: 2/3/2011 12:28:27 PM - System Checkpoint

    ==== Hosts File Hijack ======================

    Hosts: 127.0.0.1 www.spywareinfo.com
    Hosts: 204.152.194.148 www.google.com
    Hosts: 204.152.194.148 google.com
    Hosts: 204.152.194.148 google.com.au
    Hosts: 204.152.194.148 www.google.com.au
    Hosts: 204.152.194.148 google.be
    Hosts: 204.152.194.148 www.google.be
    Hosts: 204.152.194.148 google.com.br
    Hosts: 204.152.194.148 www.google.com.br
    Hosts: 204.152.194.148 google.ca
    Hosts: 204.152.194.148 www.google.ca
    Hosts: 204.152.194.148 google.ch
    Hosts: 204.152.194.148 www.google.ch
    Hosts: 204.152.194.148 google.de
    Hosts: 204.152.194.148 www.google.de
    Hosts: 204.152.194.148 google.dk
    Hosts: 204.152.194.148 www.google.dk
    Hosts: 204.152.194.148 google.fr
    Hosts: 204.152.194.148 www.google.fr
    Hosts: 204.152.194.148 google.ie
    Hosts: 204.152.194.148 www.google.ie
    Hosts: 204.152.194.148 google.it
    Hosts: 204.152.194.148 www.google.it
    Hosts: 204.152.194.148 google.co.jp
    Hosts: 204.152.194.148 www.google.co.jp
    Hosts: 204.152.194.148 google.nl
    Hosts: 204.152.194.148 www.google.nl
    Hosts: 204.152.194.148 google.no
    Hosts: 204.152.194.148 www.google.no
    Hosts: 204.152.194.148 google.co.nz
    Hosts: 204.152.194.148 www.google.co.nz
    Hosts: 204.152.194.148 google.pl
    Hosts: 204.152.194.148 www.google.pl
    Hosts: 204.152.194.148 google.se
    Hosts: 204.152.194.148 www.google.se
    Hosts: 204.152.194.148 google.co.uk
    Hosts: 204.152.194.148 www.google.co.uk
    Hosts: 204.152.194.148 google.co.za
    Hosts: 204.152.194.148 www.google.co.za
    Hosts: 204.152.194.148 www.google-analytics.com
    Hosts: 204.152.194.148 www.bing.com
    Hosts: 204.152.194.148 search.yahoo.com
    Hosts: 204.152.194.148 www.search.yahoo.com
    Hosts: 204.152.194.148 uk.search.yahoo.com
    Hosts: 204.152.194.148 ca.search.yahoo.com
    Hosts: 204.152.194.148 de.search.yahoo.com
    Hosts: 204.152.194.148 fr.search.yahoo.com
    Hosts: 204.152.194.148 au.search.yahoo.com
    Hosts: 74.125.45.100 securitysoftwarepayments.com
    Hosts: 74.125.45.100 privatesecuredpayments.com
    Hosts: 74.125.45.100 secure.privatesecuredpayments.com
    Hosts: 74.125.45.100 secure-plus-payments.com
    Hosts: 74.125.45.100 www.secure-plus-payments.com
    Hosts: 74.125.45.100 safebrowsing-cache.google.com
    Hosts: 74.125.45.100 urs.microsoft.com
    Hosts: 74.125.45.100 www.securesoftwarebill.com
    Hosts: 74.125.45.100 secure.paysecuresystem.com
    Hosts: 74.125.45.100 paysoftbillsolution.com
    Hosts: 74.125.45.100 protected.maxisoftwaremart.com

    ==== Installed Programs ======================

    32 Bit HP CIO Components Installer
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    Adobe Shockwave Player
    Advanced Drawing
    ALPS Touch Pad Driver
    AOLIcon
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AT&T Toolbar
    ATI Control Panel
    ATI Display Driver
    AVG 2011
    Bejeweled 2 Deluxe
    Bonjour
    BPDSoftware
    Broadcom Management Programs 2
    BroadJump Client Foundation
    BufferChm
    c5200_Help
    Chronicles of Albian
    Conexant D110 MDC V.9x Modem
    Curse Client
    CyberLink PowerDVD 8
    Dell CinePlayer
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell ResourceCD
    Dell System Restore
    DellSupport
    Digital Content Portal
    Digital Line Detect
    e-Sword
    FATE
    Fax
    GemMaster Mystic
    Google Earth
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) PROSet/Wireless Software
    Internal Network Card Power Management
    Internet Explorer Default Page
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    Java(TM) 6 Update 6
    Java(TM) 6 Update 7
    K-Lite Codec Pack 4.1.0 (Standard)
    LP_Flash
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    mCore
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mIWA
    mIWCA
    mLogView
    mMHouse
    MobileMe Control Panel
    Modem Helper
    Move Networks Media Player for Internet Explorer
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    MSVCSetup
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    mToolkit
    Musicmatch for Windows Media Player
    Musicmatch MCE
    Musicmatch® Jukebox
    mWlsSafe
    mXML
    mZConfig
    NetWaiting
    NVIDIA PhysX
    OpenOffice.org Installer 1.0
    Otto
    Pando Media Booster
    PowerDVD
    Qualxserve Service Agreement
    QuickSet
    QuickTime
    RealPlayer
    RealUpgrade 1.0
    Roxio DLA
    Roxio MyDVD LE
    Roxio RecordNow Audio
    Roxio RecordNow Copy
    Roxio RecordNow Data
    Safari
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SimCity 3000
    Sonic Encoders
    Sonic Update Manager
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.4
    Star Wars®: Knights of the Old Republic (TM)
    Super Collapse! 3
    Tetris 4000
    The Print Shop 12
    Toolbox
    Trine
    Twisted Lands: Shadow Town
    UnloadSupport
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update Installer for WildTangent Games App
    Update Rollup 2 for Windows XP Media Center Edition 2005
    URGE
    V CAST Music with Rhapsody
    Viewpoint Media Player
    Virtual City
    Virtual Families
    Virtual Villagers - The Secret City
    Virtual Villagers 2 - The Lost Children
    Virtual Villagers 4 - The Tree of Life
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    Wheel of Fortune 2
    WildTangent Games
    WildTangent Games App
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Media Format 11 runtime
    Windows Media Format Runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Yahoo! Install Manager
    Youda Survivor

    ==== Event Viewer Messages From Past Week ========

    2/3/2011 9:47:00 AM, error: Service Control Manager [7001] - The Windows Service Pack Installer update service service depends on the Security Accounts Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/3/2011 9:47:00 AM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The dependency service or group failed to start.
    2/3/2011 9:47:00 AM, error: Service Control Manager [7001] - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/3/2011 9:47:00 AM, error: Service Control Manager [7001] - The AVG Free E-mail Scanner service depends on the AVG Free WatchDog service which failed to start because of the following error: The system cannot find the file specified.
    2/3/2011 9:47:00 AM, error: Service Control Manager [7000] - The Secure II Driver service failed to start due to the following error: The system cannot find the file specified.
    2/3/2011 9:47:00 AM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    2/3/2011 9:47:00 AM, error: Service Control Manager [7000] - The HP CUE DeviceDiscovery Service service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
    2/3/2011 9:47:00 AM, error: Service Control Manager [7000] - The AVG Free WatchDog service failed to start due to the following error: The system cannot find the file specified.
    2/3/2011 8:09:48 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    2/3/2011 7:20:51 AM, error: Removable Storage Service [111] - RSM could not load media in drive Drive 0 of library USB Flash Memory USB Device.
    2/3/2011 7:03:02 AM, error: Service Control Manager [7000] - The Lexar Secure II service failed to start due to the following error: The system cannot find the file specified.
    2/3/2011 12:38:57 PM, error: System Error [1003] - Error code 00000050, parameter1 b7fd3b24, parameter2 00000001, parameter3 b746b3a5, parameter4 00000000.
    2/3/2011 12:38:54 PM, error: System Error [1003] - Error code 10000050, parameter1 e2f5001c, parameter2 00000000, parameter3 bf8374d3, parameter4 00000001.
    2/3/2011 12:38:35 PM, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 bf953492, parameter3 b8ec4c00, parameter4 00000000.
    2/3/2011 12:04:44 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
    2/3/2011 12:04:44 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    2/3/2011 12:04:44 PM, error: Service Control Manager [7034] - The EvtEng service terminated unexpectedly. It has done this 1 time(s).
    2/3/2011 12:04:43 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    2/3/2011 12:04:43 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    2/3/2011 12:04:38 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
    2/3/2011 10:45:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV AvgLdx86 AvgMfx86 Fips intelppm
    2/3/2011 10:15:59 AM, error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    2/2/2011 9:41:58 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/2/2011 9:41:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2/2/2011 9:41:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    2/2/2011 9:40:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
    2/2/2011 9:40:59 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2011 9:40:59 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2011 9:40:59 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2011 9:40:59 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    2/2/2011 9:40:59 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

    ==== End Of File ===========================
     
    T&S,
    #3
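Two things in the DDS Attach.txt above are worth pulling out programmatically: the "Hosts File Hijack" block, where search-engine and vendor hostnames are pointed at non-loopback addresses, and the Service Control Manager event 7026 lines, which name boot-start network drivers (AFD, Tcpip, NetBT and others) that failed to load. The following Python script is an added example, not part of this thread and not code from DDS; it runs over a few constructed sample lines copied in the DDS format from the log above and flags both patterns. The set of drivers it treats as "network stack" is an assumption chosen for illustration.

```python
"""Triage helper for a DDS-style log (added example, not part of the thread).

Scans the "Hosts File Hijack" and "Event Viewer" sections for:
  * hosts entries that map a name to a non-loopback address (redirects)
  * Service Control Manager event 7026 lines naming network-stack drivers
"""
import re
from ipaddress import ip_address

# Constructed sample in the format DDS emits (lines taken from the log above).
SAMPLE_LOG = """\
==== Hosts File Hijack ======================

Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 204.152.194.148 www.google.com
Hosts: 204.152.194.148 search.yahoo.com
Hosts: 74.125.45.100 urs.microsoft.com

==== Event Viewer Messages From Past Week ========

2/3/2011 10:45:36 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV AvgLdx86 AvgMfx86 Fips intelppm
2/2/2011 9:40:59 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD APPDRV AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
2/2/2011 9:40:59 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
"""

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)\s*$")
EVENT_7026_RE = re.compile(r"Service Control Manager \[7026\].*failed to load:\s*(.+)$")

# Assumption for this example: drivers whose absence leaves Windows XP without
# usable TCP/IP networking.
NETWORK_STACK_DRIVERS = {"afd", "tcpip", "netbt", "ipsec", "netbios", "rasacd"}


def parse_hosts_entries(log_text):
    """Return (ip, hostname) tuples from every 'Hosts:' line."""
    entries = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def find_hijacked_hosts(log_text):
    """Flag hosts entries that send a name somewhere other than loopback.

    Loopback mappings are the normal 'block this site' pattern; anything else
    in a hosts file redirects traffic and deserves a look."""
    hijacked = []
    for ip, host in parse_hosts_entries(log_text):
        try:
            addr = ip_address(ip)
        except ValueError:
            hijacked.append((ip, host))  # an unparsable address is suspicious too
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            hijacked.append((ip, host))
    return hijacked


def find_failed_network_drivers(log_text):
    """Return the network-stack drivers named in any event 7026 line."""
    failed = set()
    for line in log_text.splitlines():
        m = EVENT_7026_RE.search(line)
        if m:
            for drv in m.group(1).split():
                if drv.lower() in NETWORK_STACK_DRIVERS:
                    failed.add(drv)
    return failed


if __name__ == "__main__":
    for ip, host in find_hijacked_hosts(SAMPLE_LOG):
        print(f"hosts redirect: {host} -> {ip}")
    print("network drivers that failed to load:",
          sorted(find_failed_network_drivers(SAMPLE_LOG)))
```

Run against a full Attach.txt the same two functions give a quick picture of where browser traffic is being sent and which parts of the network stack never came up at boot.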
  5. 2011/02/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================================================

    Your computer is still infected.

    We need to double check your MBR.

    Download Bootkit Remover to your Desktop.

    • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
    • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    ===============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
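The MBR check requested above boils down to one idea: the first sector of the disk carries boot code in its first 440 bytes, followed by the disk signature, the partition table and the 0x55AA signature, and a bootkit that rewrites that code changes the hash of the code region. The Python below is an added example of that check, not Bootkit Remover's or ComboFix's own method; the sample MBR, the disk signature and the "trusted" reference hash are constructed here for illustration, and a real allow-list would hold hashes of the boot code your OS installer actually writes.

```python
"""MBR boot-code check (added example; not Bootkit Remover's own code).

Parses a 512-byte master boot record, validates the 0x55AA signature, hashes
only the boot-code region (so the hash stays stable across disks with
different signatures and partition tables) and compares it with an
operator-supplied allow-list of trusted hashes.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # code region, before the 4-byte disk signature
DISK_SIGNATURE_OFF = 440
PARTITION_TABLE_OFF = 446
PARTITION_ENTRY_LEN = 16
MBR_SIGNATURE = b"\x55\xAA"


def parse_mbr(sector):
    """Split one MBR into boot-code hash, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + i * PARTITION_ENTRY_LEN
        # status(1) CHS-start(3) type(1) CHS-end(3) start-LBA(4) sector-count(4)
        status, ptype, start_lba, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "start_lba": start_lba, "sectors": sectors})
    return {
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIGNATURE_OFF)[0],
        "partitions": partitions,
    }


def classify_boot_code(sector, trusted_md5s):
    """'trusted' if the boot-code hash is on the allow-list, otherwise 'unknown'."""
    return "trusted" if parse_mbr(sector)["boot_code_md5"] in trusted_md5s else "unknown"


def build_sample_mbr(boot_code):
    """Constructed sample MBR: the given boot code padded to 440 bytes, a made-up
    disk signature, one bootable NTFS-type partition, and the 0x55AA marker."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    disk_sig = struct.pack("<I", 0xDEADBEEF)          # constructed value
    pad = b"\x00\x00"
    part1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", 63, 146800000)
    table = part1 + b"\x00" * (PARTITION_ENTRY_LEN * 3)
    sector = code + disk_sig + pad + table + MBR_SIGNATURE
    assert len(sector) == SECTOR_SIZE
    return sector


# Constructed "known-good" boot code and its hash; placeholders, not real
# Windows boot-code bytes.
TRUSTED_BOOT_CODE = b"\xFA\x33\xC0\x8E\xD0" + b"TRUSTED-BOOT-CODE-SAMPLE"
TRUSTED_MD5S = {hashlib.md5(TRUSTED_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest()}


if __name__ == "__main__":
    clean = build_sample_mbr(TRUSTED_BOOT_CODE)
    altered = build_sample_mbr(b"\xEB\xFE" + b"DIFFERENT-CODE-SAMPLE")
    for name, sector in (("clean", clean), ("altered", altered)):
        info = parse_mbr(sector)
        print(name, info["boot_code_md5"], classify_boot_code(sector, TRUSTED_MD5S),
              info["partitions"])
```

On a live system the sector would come from reading the first 512 bytes of the physical disk with administrative rights; the "altered" case shows how a verdict of "unknown boot code" is reached when the hash of the code region matches nothing on the allow-list, which is what makes the next step (dumping the sector for manual inspection) necessary.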
     
  6. 2011/02/04
    T&S

    T&S Well-Known Member Thread Starter

    Joined:
    2002/04/08
    Messages:
    163
    Likes Received:
    0
    Results

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 2 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000
    Boot sector MD5 is: b0b97a59298315c88839c1503dc86840

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown boot code

    Unknown boot code has been found on some of your physical disks.
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>


    Done;
    Press any key to quit...


    ComboFix 11-01-31.02 - Josh 02/04/2011 12:18:44.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.641 [GMT -6:00]
    Running from: c:\documents and settings\Josh\Desktop\1235.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\All Users\Application Data\080774
    c:\documents and settings\All Users\Application Data\080774\080774ee48ff1ea38ff246de1f4e7122.ocx
    c:\documents and settings\All Users\Application Data\080774\6411.mof
    c:\documents and settings\All Users\Application Data\080774\BackUp\Digital Line Detect.lnk
    c:\documents and settings\All Users\Application Data\080774\e757393a6d8d448e337693abefb1eb23.ocx
    c:\documents and settings\All Users\Application Data\080774\PIS.ico
    c:\documents and settings\All Users\Application Data\080774\tm9q01uf1u8zsgbsvoy2p45gk45e7tm9q01u8z6aok9q0n.dll
    c:\documents and settings\Josh\Recent\ANTIGEN.exe
    c:\documents and settings\Josh\Recent\cb.dll
    c:\documents and settings\Josh\Recent\cb.drv
    c:\documents and settings\Josh\Recent\CLSV.sys
    c:\documents and settings\Josh\Recent\eb.drv
    c:\documents and settings\Josh\Recent\energy.dll
    c:\documents and settings\Josh\Recent\energy.drv
    c:\documents and settings\Josh\Recent\exec.sys
    c:\documents and settings\Josh\Recent\fan.dll
    c:\documents and settings\Josh\Recent\fan.sys
    c:\documents and settings\Josh\Recent\FS.dll
    c:\documents and settings\Josh\Recent\FS.tmp
    c:\documents and settings\Josh\Recent\gid.drv
    c:\documents and settings\Josh\Recent\hymt.tmp
    c:\documents and settings\Josh\Recent\PE.exe
    c:\documents and settings\Josh\Recent\PE.sys
    c:\documents and settings\Josh\Recent\PE.tmp
    c:\documents and settings\Josh\Recent\ppal.drv
    c:\documents and settings\Josh\Recent\runddlkey.tmp
    c:\documents and settings\Josh\Recent\sld.exe
    c:\documents and settings\Josh\Recent\snl2w.sys
    c:\documents and settings\Josh\Recent\tempdoc.exe
    c:\documents and settings\Josh\Recent\tjd.exe
    c:\documents and settings\Josh\Recent\tjd.tmp
    c:\documents and settings\Josh\System
    c:\documents and settings\Josh\System\win_qs8.jqx
    c:\windows\system32\AutoRun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
    .

    2011-02-04 17:21 . 2011-02-04 17:21 -------- d-----w- c:\program files\7-Zip
    2011-02-04 00:01 . 2004-08-10 11:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
    2011-02-04 00:00 . 2004-08-10 11:00 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
    2011-02-03 23:59 . 2004-08-10 11:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
    2011-02-03 23:58 . 2004-08-10 11:00 605696 -c--a-w- c:\windows\system32\dllcache\getuname.dll
    2011-02-03 23:57 . 2004-08-10 11:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
    2011-02-03 23:44 . 2004-08-10 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2011-02-03 23:44 . 2004-08-10 11:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
    2011-02-03 23:22 . 2004-08-10 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-02-03 23:22 . 2004-08-10 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-02-03 23:22 . 2004-08-10 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-02-03 23:22 . 2004-08-10 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-02-03 23:22 . 2006-03-30 10:03 22339 ----a-r- c:\windows\SETC9.tmp
    2011-02-03 23:22 . 2005-03-30 17:54 10559 ----a-r- c:\windows\SETCA.tmp
    2011-02-03 23:22 . 2004-08-10 11:00 13753 ----a-r- c:\windows\SET86.tmp
    2011-02-03 23:22 . 2004-08-10 11:00 1086058 ----a-r- c:\windows\SET7A.tmp
    2011-02-03 23:22 . 2004-08-10 11:00 106147 ----a-r- c:\windows\SET77.tmp
    2011-02-03 16:47 . 2011-02-03 16:47 -------- d-s---w- c:\documents and settings\Administrator\UserData
    2011-01-26 22:53 . 2011-02-04 17:49 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-01-26 19:54 . 2004-08-10 11:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
    2011-01-26 19:54 . 2004-08-10 11:00 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
    2011-01-26 19:54 . 2004-08-10 11:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
    2011-01-26 19:54 . 2004-08-10 11:00 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
    2011-01-26 19:54 . 2004-08-10 11:00 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
    2011-01-26 19:54 . 2004-08-10 11:00 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
    2011-01-26 19:54 . 2004-08-10 11:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
    2011-01-26 19:54 . 2004-08-10 11:00 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
    2011-01-26 14:24 . 2011-01-26 14:24 -------- d-----w- c:\windows\dell
    2011-01-26 13:14 . 2011-01-26 13:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-01-26 04:32 . 2011-01-26 20:33 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-01-26 04:25 . 2011-01-26 04:25 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-01-26 04:25 . 2011-01-26 04:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-01-26 03:41 . 2011-01-26 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-01-26 00:45 . 2011-02-04 00:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-01-26 00:17 . 2011-01-26 00:17 -------- d-----w- c:\documents and settings\Josh\Application Data\AVG8
    2011-01-25 22:51 . 2011-01-25 22:51 -------- d-sh--w- c:\documents and settings\All Users\Application Data\PIZAMPS
    2011-01-15 19:52 . 2011-01-23 00:32 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2011-01-13 20:09 . 2011-01-13 20:09 -------- d-----w- c:\program files\LucasArts
    2011-01-12 18:22 . 2011-01-12 18:22 -------- d-----w- c:\program files\Maxis
    2011-01-11 22:30 . 2011-01-11 22:30 -------- d-----w- c:\program files\EA Games
    2011-01-11 18:56 . 2011-01-15 18:15 -------- d-----w- c:\program files\SimTheme Park
    2011-01-08 00:21 . 2011-01-08 00:21 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Buried In Time
    2011-01-08 00:21 . 2011-01-08 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Buried In Time
    2011-01-07 23:54 . 2011-01-26 00:15 -------- d-----w- c:\documents and settings\Hannah

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-21 00:09 . 2009-11-20 04:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 00:08 . 2009-11-20 04:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-02-04_18.06.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-02-04 18:12 . 2011-02-04 18:12 16384 c:\windows\Temp\Perflib_Perfdata_778.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spyware Doctor with AntiVirus "= "c:\documents and settings\Josh\Desktop\sdasetup[1].exe" [BU]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DellSupport "= "c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiteAdvisor "= "c:\program files\SiteAdvisor\6066\SiteAdv.exe" [BU]
    "RemoteControl8 "= "c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
    "PDVDDXSrv "= "c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
    "PDVD8LanguageShortcut "= "c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "MimBoot "= "c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [BU]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "DLA "= "c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
    "BJCFD "= "c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
    "BDRegion "= "c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-27 91432]
    "bacstray "= "c:\program files\Broadcom\BACS\\BacsTray.exe" [2004-08-18 118784]
    "ATT-SST_McciTrayApp "= "c:\program files\ATT-SST\McciTrayApp.exe" [BU]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "Apoint "= "c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]

    c:\documents and settings\Josh\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-1-27 0]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-19 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [N/A]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 05:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 10:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    c:\program files\HP\HP Software Update\HPWuSchd2.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    c:\program files\McAfee.com\Agent\mcagent.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2010-03-10 16:28 488968 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
    c:\program files\Support.com\BellSouth\hcenter.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-03-10 16:28 202256 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Fax "=2 (0x2)
    "Zumie Search Service "=2 (0x2)
    "GameConsoleService "=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe "=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Documents and Settings\\Josh\\Local Settings\\Apps\\2.0\\5GTWMJGC.2G6\\RVY11BB3.ACE\\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\\CurseClient.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "56166:TCP "= 56166:TCP:pando Media Booster
    "56166:UDP "= 56166:UDP:pando Media Booster
    "3724:TCP "= 3724:TCP:Blizzard Downloader: 3724

    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [6/27/2008 3:50 PM 61424]
    S2 avg9emc;AVG Free E-mail Scanner; "c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]
    S2 avg9wd;AVG Free WatchDog; "c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
    S2 gupdate1c9ace2f6fce508;Google Update Service (gupdate1c9ace2f6fce508);c:\program files\Google\Update\GoogleUpdate.exe [3/24/2009 6:45 PM 133104]
    S2 LxrSII1d;Secure II Driver;\??\c:\windows\system32\Drivers\LxrSII1d.sys --> c:\windows\system32\Drivers\LxrSII1d.sys [?]
    S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [7/12/2010 8:23 PM 206072]
    S3 WTDownloadService;WTDownloadService; "c:\program files\WildTangent Games\App\DownloadService.exe" --> c:\program files\WildTangent Games\App\DownloadService.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

    2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cbab9f17cf7414.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 00:44]

    2011-02-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3114220536-1778455975-998574123-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-02-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3114220536-1778455975-998574123-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3114220536-1778455975-998574123-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3114220536-1778455975-998574123-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-04-24 20:31]

    2009-07-06 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-04-24 20:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/mpfplus/en-us/redir.asp?affid=105-58&installtype=force&dtag=7rs1w81&systempopup=true
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:25433
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: motive.com\patttbc.att
    Trusted Zone: turbotax.com
    Trusted Zone: musicmatch.com\online
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-04 12:26
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath "= "\??\c:\program files\CyberLink\PowerDVD8\000.fcl "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3114220536-1778455975-998574123-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(852)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    Completion time: 2011-02-04 12:29:36
    ComboFix-quarantined-files.txt 2011-02-04 18:29

    Pre-Run: 32,343,433,216 bytes free
    Post-Run: 32,340,729,856 bytes free

    - - End Of File - - 599BD50DCC1E2C1EBED1D4058155A67C
     
    T&S,
    #5
  7. 2011/02/04
broni Moderator Malware Analyst
    We'll start with fixing your MBR.

    Restart computer
    When you reboot you will see an option to boot into the Recovery Console or the normal Windows installation.
You have to use the up/down arrows to choose the Recovery Console. Then press Enter, but you only have 2 seconds by default.
If you find this hard to do, then you can go into Control Panel, System, Advanced, Startup and Recovery, Settings. Where it says Time to Display List of Operating Systems, change it to 10 or more seconds. Click OK, then reboot.

    You should get a black screen with a C:\> prompt. Type with an Enter after each line:

    fixmbr

(If it asks you if you are sure, then say "Y".)

    exit

    Reboot computer.

    Post fresh MBRCheck log.
     
  8. 2011/02/04
T&S Well-Known Member Thread Starter
    Gives the message: "NTLDR is compressed" Press Ctrl+Alt+Del to restart
     
    T&S,
    #7
  9. 2011/02/04
broni Moderator Malware Analyst
    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.

**Important note to Dell users - fixing the MBR may prevent access to the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. If this is a Dell computer, let me know before proceeding.
     
  10. 2011/02/04
T&S Well-Known Member Thread Starter
    It is a Dell PC. Unfortunately, I did not see that warning until I had already run MBR check.


    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 2 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 142):

    Processes (total 50):
    0 System Idle Process
    4 System
    784 C:\WINDOWS\system32\smss.exe
    836 csrss.exe
    864 C:\WINDOWS\system32\winlogon.exe
    908 C:\WINDOWS\system32\services.exe
    920 C:\WINDOWS\system32\lsass.exe
    1084 C:\WINDOWS\system32\ati2evxx.exe
    1096 C:\WINDOWS\system32\svchost.exe
    1200 svchost.exe
    1236 C:\WINDOWS\system32\svchost.exe
    1268 C:\WINDOWS\system32\svchost.exe
    1412 svchost.exe
    1524 svchost.exe
    1752 C:\WINDOWS\system32\spoolsv.exe
    180 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    312 C:\WINDOWS\system32\ati2evxx.exe
    380 C:\WINDOWS\explorer.exe
    576 C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    584 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    616 C:\Program Files\iTunes\iTunesHelper.exe
    624 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    660 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    668 C:\WINDOWS\ehome\ehtray.exe
    688 C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    696 C:\WINDOWS\system32\dla\DLACTRLW.EXE
    704 C:\Program Files\BroadJump\Client Foundation\CFD.exe
    720 C:\Program Files\CyberLink\Shared Files\brs.exe
    728 C:\Program Files\Broadcom\BACS\BacsTray.exe
    776 C:\Program Files\Apoint\Apoint.exe
    808 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    820 C:\Program Files\DellSupport\DSAgnt.exe
    1124 C:\Program Files\Digital Line Detect\DLG.exe
    1384 C:\Program Files\Apoint\ApntEx.exe
    1908 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1932 C:\Program Files\Bonjour\mDNSResponder.exe
    2012 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    364 C:\WINDOWS\system32\svchost.exe
    1300 C:\Program Files\Java\jre6\bin\jqs.exe
    268 C:\Program Files\Google\Update\GoogleUpdate.exe
    1008 C:\Program Files\Common Files\Motive\McciCMService.exe
    1864 C:\WINDOWS\system32\svchost.exe
    1968 C:\WINDOWS\system32\svchost.exe
    2072 C:\WINDOWS\system32\svchost.exe
    2440 C:\Program Files\iPod\bin\iPodService.exe
    2472 wmiprvse.exe
    2872 alg.exe
    3224 C:\WINDOWS\system32\wscntfy.exe
    2552 wmiprvse.exe
    3120 C:\Documents and Settings\Josh\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`03ec1000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD800VE-75HDT1, Rev: 11.07D11

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
    T&S,
    #9
  11. 2011/02/04
broni Moderator Malware Analyst
    If you have recovery disks, you're fine.
    If you don't, you can always order them from Dell.

    =================================================================

    1. Please open Notepad
• Click Start, then Run
• Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\SETC9.tmp
    c:\windows\SETCA.tmp
    c:\windows\SET86.tmp
    c:\windows\SET7A.tmp
    c:\windows\SET77.tmp
    
    
    Folder::
    c:\documents and settings\Josh\Application Data\AVG8
    c:\documents and settings\All Users\Application Data\PIZAMPS
    
    DDS::
    uInternet Settings,ProxyOverride = *.local
    uInternet Settings,ProxyServer = http=127.0.0.1:25433
    
    

    3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
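As an added example (not code from the thread, from ComboFix or from MBRCheck), here is a small Python triage script that reads ComboFix-style log lines like the ones posted above, flags the loopback proxy, the disabled Windows Firewall and the system-hidden PIZAMPS folder, and renders the removable items in the same CFScript layout the post above uses. The RANDOM_NAME_RE heuristic for random-looking folder names is an assumption of this example, not a ComboFix rule.

```python
"""Triage helper for ComboFix-style log lines.

Added example, not part of the thread and not ComboFix's own code. It flags
the settings that a rogue "antivirus" such as Personal Internet Security
typically leaves behind even after its process is gone: a proxy pointing at
the local machine (the browser then fails on every page once nothing listens
on that port), a disabled Windows Firewall, and a system+hidden data folder
with a random-looking name. It then renders the removable findings in the
CFScript layout used in this thread.
"""
import re
from typing import Dict, List

# Sample lines copied from the ComboFix output posted in this thread
# (the PrivacIE entry is a legitimate IE folder and serves as a negative case).
SAMPLE_LOG = """\
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25433
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall "= 0 (0x0)
2011-01-26 04:25 . 2011-01-26 04:25 -------- d-sh--w- c:\\documents and settings\\Administrator\\PrivacIE
2011-01-25 22:51 . 2011-01-25 22:51 -------- d-sh--w- c:\\documents and settings\\All Users\\Application Data\\PIZAMPS
"""

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:[a-z]+=)?(?P<host>[\w.\-]+):(?P<port>\d+)")
FIREWALL_RE = re.compile(r'"EnableFirewall\s*"\s*=\s*(?P<val>\d+)')
# ComboFix attribute field: "d-sh--w-" marks a directory that is system (s) and hidden (h).
HIDDEN_DIR_RE = re.compile(r"\sd-sh--w-\s+(?P<path>\S.*)$")
# Heuristic (an assumption of this example, not a ComboFix rule): a folder
# name made of six or more capital letters only looks machine-generated.
RANDOM_NAME_RE = re.compile(r"^[A-Z]{6,}$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def triage(log: str) -> List[Dict[str, str]]:
    """Scan log lines and return findings as {kind, detail, line} dicts."""
    findings: List[Dict[str, str]] = []
    for line in log.splitlines():
        line = line.rstrip()
        m = PROXY_RE.search(line)
        if m and m.group("host") in LOOPBACK:
            findings.append({"kind": "loopback-proxy",
                             "detail": f"{m.group('host')}:{m.group('port')}",
                             "line": line})
            continue
        m = FIREWALL_RE.search(line)
        if m and m.group("val") == "0":
            findings.append({"kind": "firewall-disabled",
                             "detail": "EnableFirewall=0", "line": line})
            continue
        m = HIDDEN_DIR_RE.search(line)
        if m:
            path = m.group("path")
            name = path.rsplit("\\", 1)[-1]
            if RANDOM_NAME_RE.match(name):
                findings.append({"kind": "hidden-dir", "detail": path, "line": line})
    return findings


def cfscript_from(findings: List[Dict[str, str]]) -> str:
    """Render findings in the CFScript layout from this thread: Folder:: lists
    directories to delete, DDS:: lists the Internet Settings lines to reset.
    The firewall state is not handled by CFScript and is left for manual re-enable."""
    folders = [f["detail"] for f in findings if f["kind"] == "hidden-dir"]
    dds = [f["line"] for f in findings if f["kind"] == "loopback-proxy"]
    parts = []
    if folders:
        parts.append("Folder::\n" + "\n".join(folders))
    if dds:
        parts.append("DDS::\n" + "\n".join(dds))
    return "\n\n".join(parts)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"[{f['kind']}] {f['detail']}")
    print(cfscript_from(found))
```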
     
  12. 2011/02/04
T&S Well-Known Member Thread Starter
    Results

    ComboFix 11-01-31.02 - Josh 02/04/2011 14:22:22.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.646 [GMT -6:00]
    Running from: c:\documents and settings\Josh\Desktop\1235.exe
    Command switches used :: c:\documents and settings\Josh\Desktop\CFScript.txt

    FILE ::
    "c:\windows\SET77.tmp "
    "c:\windows\SET7A.tmp "
    "c:\windows\SET86.tmp "
    "c:\windows\SETC9.tmp "
    "c:\windows\SETCA.tmp "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\PIZAMPS
    c:\documents and settings\All Users\Application Data\PIZAMPS\PIWFHVUEOS.cfg
    c:\documents and settings\Josh\Application Data\AVG8
    c:\windows\SET77.tmp
    c:\windows\SET7A.tmp
    c:\windows\SET86.tmp
    c:\windows\SETC9.tmp
    c:\windows\SETCA.tmp

    .
    ((((((((((((((((((((((((( Files Created from 2011-01-04 to 2011-02-04 )))))))))))))))))))))))))))))))
    .

    2011-02-04 17:21 . 2011-02-04 17:21 -------- d-----w- c:\program files\7-Zip
    2011-02-04 00:01 . 2004-08-10 11:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
    2011-02-04 00:00 . 2004-08-10 11:00 20736 -c--a-w- c:\windows\system32\dllcache\ramdisk.sys
    2011-02-03 23:59 . 2004-08-10 11:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
    2011-02-03 23:58 . 2004-08-10 11:00 605696 -c--a-w- c:\windows\system32\dllcache\getuname.dll
    2011-02-03 23:57 . 2004-08-10 11:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
    2011-02-03 23:44 . 2004-08-10 11:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
    2011-02-03 23:44 . 2004-08-10 11:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
    2011-02-03 23:22 . 2004-08-10 11:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
    2011-02-03 23:22 . 2004-08-10 11:00 13312 ----a-w- c:\windows\system32\irclass.dll
    2011-02-03 23:22 . 2004-08-10 11:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
    2011-02-03 23:22 . 2004-08-10 11:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
    2011-02-03 16:47 . 2011-02-03 16:47 -------- d-s---w- c:\documents and settings\Administrator\UserData
    2011-01-26 22:53 . 2011-02-04 17:49 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-01-26 19:54 . 2004-08-10 11:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
    2011-01-26 19:54 . 2004-08-10 11:00 32768 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwdl.dll
    2011-01-26 19:54 . 2004-08-10 11:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
    2011-01-26 19:54 . 2004-08-10 11:00 86016 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn2.exe
    2011-01-26 19:54 . 2004-08-10 11:00 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
    2011-01-26 19:54 . 2004-08-10 11:00 214528 ----a-w- c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe
    2011-01-26 19:54 . 2004-08-10 11:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
    2011-01-26 19:54 . 2004-08-10 11:00 20480 ----a-w- c:\program files\Internet Explorer\Connection Wizard\inetwiz.exe
    2011-01-26 14:24 . 2011-01-26 14:24 -------- d-----w- c:\windows\dell
    2011-01-26 13:14 . 2011-01-26 13:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2011-01-26 04:32 . 2011-01-26 20:33 -------- d-----w- c:\program files\Common Files\PC Tools
    2011-01-26 04:25 . 2011-01-26 04:25 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2011-01-26 04:25 . 2011-01-26 04:25 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2011-01-26 03:41 . 2011-01-26 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2011-01-26 00:45 . 2011-02-04 00:08 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2011-01-15 19:52 . 2011-01-23 00:32 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
    2011-01-13 20:09 . 2011-01-13 20:09 -------- d-----w- c:\program files\LucasArts
    2011-01-12 18:22 . 2011-01-12 18:22 -------- d-----w- c:\program files\Maxis
    2011-01-11 22:30 . 2011-01-11 22:30 -------- d-----w- c:\program files\EA Games
    2011-01-11 18:56 . 2011-01-15 18:15 -------- d-----w- c:\program files\SimTheme Park
    2011-01-08 00:21 . 2011-01-08 00:21 -------- d-----w- c:\documents and settings\Josh\Local Settings\Application Data\Buried In Time
    2011-01-08 00:21 . 2011-01-08 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Buried In Time
    2011-01-07 23:54 . 2011-01-26 00:15 -------- d-----w- c:\documents and settings\Hannah

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-21 00:09 . 2009-11-20 04:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 00:08 . 2009-11-20 04:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((( SnapShot@2011-02-04_18.06.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-02-04 19:53 . 2011-02-04 19:53 16384 c:\windows\Temp\Perflib_Perfdata_514.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spyware Doctor with AntiVirus "= "c:\documents and settings\Josh\Desktop\sdasetup[1].exe" [BU]
    "SpybotSD TeaTimer "= "c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DellSupport "= "c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiteAdvisor "= "c:\program files\SiteAdvisor\6066\SiteAdv.exe" [BU]
    "RemoteControl8 "= "c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-21 83240]
    "PDVDDXSrv "= "c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
    "PDVD8LanguageShortcut "= "c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
    "MimBoot "= "c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2005-09-09 8192]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "ISUSScheduler "= "c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "IntelWireless "= "c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "DVDLauncher "= "c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [BU]
    "DMXLauncher "= "c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "DLA "= "c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
    "BJCFD "= "c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
    "BDRegion "= "c:\program files\Cyberlink\Shared Files\brs.exe" [2008-06-27 91432]
    "bacstray "= "c:\program files\Broadcom\BACS\\BacsTray.exe" [2004-08-18 118784]
    "ATT-SST_McciTrayApp "= "c:\program files\ATT-SST\McciTrayApp.exe" [BU]
    "ATIPTA "= "c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "Apoint "= "c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]

    c:\documents and settings\Josh\Start Menu\Programs\Startup\
    CurseClientStartup.ccip [2010-1-27 0]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-11-19 24576]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [N/A]
    HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
    2004-09-07 22:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 05:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 10:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    c:\program files\HP\HP Software Update\HPWuSchd2.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
    c:\program files\McAfee.com\Agent\mcagent.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2010-03-10 16:28 488968 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 -c--a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tgcmd]
    c:\program files\Support.com\BellSouth\hcenter.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-03-10 16:28 202256 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Fax "=2 (0x2)
    "Zumie Search Service "=2 (0x2)
    "GameConsoleService "=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Messenger\\msmsgs.exe "=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe "=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE "=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe "=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe "=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe "=
    "c:\\Program Files\\iTunes\\iTunes.exe "=
    "c:\\Documents and Settings\\Josh\\Local Settings\\Apps\\2.0\\5GTWMJGC.2G6\\RVY11BB3.ACE\\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\\CurseClient.exe "=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "56166:TCP "= 56166:TCP:pando Media Booster
    "56166:UDP "= 56166:UDP:pando Media Booster
    "3724:TCP "= 3724:TCP:Blizzard Downloader: 3724

    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [6/27/2008 3:50 PM 61424]
    S2 avg9emc;AVG Free E-mail Scanner; "c:\program files\AVG\AVG9\avgemc.exe" --> c:\program files\AVG\AVG9\avgemc.exe [?]
    S2 avg9wd;AVG Free WatchDog; "c:\program files\AVG\AVG9\avgwdsvc.exe" --> c:\program files\AVG\AVG9\avgwdsvc.exe [?]
    S2 gupdate1c9ace2f6fce508;Google Update Service (gupdate1c9ace2f6fce508);c:\program files\Google\Update\GoogleUpdate.exe [3/24/2009 6:45 PM 133104]
    S2 LxrSII1d;Secure II Driver;\??\c:\windows\system32\Drivers\LxrSII1d.sys --> c:\windows\system32\Drivers\LxrSII1d.sys [?]
    S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [7/12/2010 8:23 PM 206072]
    S3 WTDownloadService;WTDownloadService; "c:\program files\WildTangent Games\App\DownloadService.exe" --> c:\program files\WildTangent Games\App\DownloadService.exe [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]

    2011-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cbab9f17cf7414.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 00:44]

    2011-02-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3114220536-1778455975-998574123-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-02-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3114220536-1778455975-998574123-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3114220536-1778455975-998574123-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3114220536-1778455975-998574123-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 04:09]

    2011-01-03 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-04-24 20:31]

    2009-07-06 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-04-24 20:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/mpfplus/en-us/redir.asp?affid=105-58&installtype=force&dtag=7rs1w81&systempopup=true
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: motive.com\patttbc.att
    Trusted Zone: turbotax.com
    Trusted Zone: musicmatch.com\online
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-02-04 14:30
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath "= "\??\c:\program files\CyberLink\PowerDVD8\000.fcl "
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3114220536-1778455975-998574123-1006\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @= "FlashBroker "
    "LocalizedString "= "@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101 "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @= "c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe "

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @= "IFlashBroker4 "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @= "{00020424-0000-0000-C000-000000000046} "

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @= "{FAB3E735-69C7-453B-A446-B6823C6DF1C9} "
    "Version "= "1.0 "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(864)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\Intel\Wireless\Bin\LgNotify.dll
    .
    Completion time: 2011-02-04 14:33:30
    ComboFix-quarantined-files.txt 2011-02-04 20:33
    ComboFix2.txt 2011-02-04 18:29

    Pre-Run: 32,332,001,280 bytes free
    Post-Run: 32,326,131,712 bytes free

    - - End Of File - - 34A366AD57B2A50B26150C81B89AF2E7
     
    T&S,
    #11
  13. 2011/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2011/02/04
    T&S

    T&S Well-Known Member Thread Starter

    Joined:
    2002/04/08
    Messages:
    163
    Likes Received:
    0
    While this is running...

    These error boxes continue to pop up when booting up:

    rundll32.exe - Entry Point Not Found
    The procedure entry point GetRequestedRuntimeInfo could not be located in the dynamic link library mscoree.dll

    rundll error loading dfshim.dll The requested procedure could not be found.

    After I click OK, the desktop loads OK. Just not able to get IE to connect, and Microsoft files will not open.
     
    T&S,
    #13
  15. 2011/02/04
    T&S

    T&S Well-Known Member Thread Starter

    Joined:
    2002/04/08
    Messages:
    163
    Likes Received:
    0
    The file is coming in 2 parts due to length.

    OTL logfile created on: 2/4/2011 2:47:02 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Josh\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 566.00 Mb Available Physical Memory | 55.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.82 Gb Total Space | 30.12 Gb Free Space | 43.14% Space Free | Partition Type: NTFS
    Drive E: | 953.05 Mb Total Space | 863.13 Mb Free Space | 90.56% Space Free | Partition Type: FAT

    Computer Name: D7RS1W81 | User Name: Josh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/04 14:43:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\Desktop\Old Time Geek.exe
    PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2008/06/27 15:50:38 | 000,091,432 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
    PRC - [2008/03/20 19:23:22 | 000,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2007/09/17 10:56:08 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
    PRC - [2005/11/07 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\DLACTRLW.EXE
    PRC - [2005/06/10 10:44:02 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    PRC - [2004/10/30 14:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2004/09/13 16:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2004/09/07 16:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2004/08/18 12:26:56 | 000,118,784 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\BACS\BacsTray.exe
    PRC - [2004/08/10 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2002/09/10 21:26:26 | 000,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/04 14:43:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\Desktop\Old Time Geek.exe
    MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (WTDownloadService)
    SRV - File not found [Auto | Stopped] -- -- (LxrSII1s)
    SRV - File not found [Auto | Stopped] -- -- (hpqddsvc)
    SRV - File not found [On_Demand | Stopped] -- -- (hpqcxs08)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [Auto | Stopped] -- -- (gusvc)
    SRV - File not found [Auto | Stopped] -- -- (avg9wd)
    SRV - File not found [Auto | Stopped] -- -- (avg9emc)
    SRV - [2011/01/03 18:32:46 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/01/07 17:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
    SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2004/09/07 16:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
    SRV - [2004/09/07 16:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
    SRV - [2004/09/07 16:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
    SRV - [2004/09/07 16:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2008/08/19 10:49:37 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2008/08/19 10:49:36 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2008/06/27 15:50:32 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
    DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2005/11/18 11:02:50 | 000,005,660 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2005/11/18 11:02:10 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
    DRV - [2005/11/07 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2005/11/07 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2005/11/07 04:20:00 | 000,086,652 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2005/11/07 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2005/11/07 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2005/11/07 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2005/11/07 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLADResN.SYS -- (DLADResN)
    DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (drvmcdb)
    DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (drvnddm)
    DRV - [2005/08/04 04:10:18 | 001,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/08/03 10:44:16 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2005/03/10 22:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
    DRV - [2004/11/16 16:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2004/10/21 20:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
    DRV - [2004/08/31 08:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2004/08/12 08:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
    DRV - [2004/08/10 05:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2004/08/10 05:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2004/08/10 05:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2004/08/10 05:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2004/08/10 05:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2004/08/10 05:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2004/08/10 05:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2004/08/10 05:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2004/08/10 05:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2004/08/10 05:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2004/08/10 05:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2004/08/10 05:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2004/08/10 05:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2004/08/10 05:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
    DRV - [2004/08/10 05:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2004/08/10 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2004/08/03 23:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2004/08/03 23:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/06/17 20:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2004/06/17 20:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/06/17 20:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/05/26 20:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2004/02/13 16:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
     
    T&S,
    #14
  16. 2011/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, keep going.
     
  17. 2011/02/04
    T&S

    T&S Well-Known Member Thread Starter

    Joined:
    2002/04/08
    Messages:
    163
    Likes Received:
    0
    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/10 10:30:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\


    O1 HOSTS File: ([2011/02/04 14:30:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [ATT-SST_McciTrayApp] File not found
    O4 - HKLM..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe ()
    O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
    O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\dla\DLACTRLW.EXE (Sonic Solutions)
    O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
    O4 - HKLM..\Run: [DVDLauncher] File not found
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
    O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
    O4 - HKLM..\Run: [SiteAdvisor] File not found
    O4 - HKU\S-1-5-21-3114220536-1778455975-998574123-1006..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
    O4 - HKU\S-1-5-21-3114220536-1778455975-998574123-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-3114220536-1778455975-998574123-1006..\Run: [Spyware Doctor with AntiVirus] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Josh\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
    O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
    O15 - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
    O15 - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4505-8fb8-d0d2d160e512/LegitCheckControl.cab (Reg Error: Key error.)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/armhelper.ocx (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Josh\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (54901231209938944)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/04 14:45:56 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Josh\Desktop\Old Time Geek.exe
    [2011/02/04 13:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Start Menu\Programs\CyberLink PowerDVD 8
    [2011/02/04 13:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Desktop\NTBR_CD
    [2011/02/04 11:59:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/02/04 11:54:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/02/04 11:54:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/02/04 11:54:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/02/04 11:54:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/02/04 11:31:08 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/04 11:24:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Desktop\bootkit_remover
    [2011/02/04 11:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
    [2011/02/04 11:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2011/02/03 18:07:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2011/02/03 18:01:07 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2011/02/03 18:01:07 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2011/02/03 18:01:06 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2011/02/03 18:00:47 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
    [2011/02/03 17:58:09 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2011/02/03 17:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
    [2011/01/26 16:53:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2011/01/26 13:55:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
    [2011/01/26 13:53:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
    [2011/01/26 13:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
    [2011/01/26 08:24:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
    [2011/01/25 22:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/01/25 21:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/01/25 18:45:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/01/25 18:34:36 | 004,622,344 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Josh\My Documents\AVG Free 2011.exe
    [2011/01/13 14:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Start Menu\Programs\Games
    [2011/01/13 14:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\LucasArts
    [2011/01/12 12:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Maxis
    [2011/01/12 12:22:47 | 000,000,000 | ---D | C] -- C:\Program Files\Maxis
    [2011/01/11 16:30:24 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
    [2011/01/11 12:56:58 | 000,000,000 | ---D | C] -- C:\Program Files\SimTheme Park
    [2011/01/07 18:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Josh\Local Settings\Application Data\Buried In Time
    [2011/01/07 18:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Buried In Time

    ========== Files - Modified Within 30 Days ==========

    [2011/02/04 14:43:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\Desktop\Old Time Geek.exe
    [2011/02/04 14:30:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/02/04 13:52:52 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cbab9f17cf7414.job
    [2011/02/04 13:52:52 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3114220536-1778455975-998574123-1006.job
    [2011/02/04 13:52:51 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3114220536-1778455975-998574123-1007.job
    [2011/02/04 13:52:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/04 13:52:38 | 1073,152,000 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/04 13:34:38 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\NTBR_CD.exe
    [2011/02/04 13:22:34 | 000,000,326 | -HS- | M] () -- C:\boot.ini
    [2011/02/04 11:37:34 | 004,263,406 | R--- | M] () -- C:\Documents and Settings\Josh\Desktop\1235.exe
    [2011/02/04 11:37:34 | 004,263,406 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\ComboFix.exe
    [2011/02/04 11:20:28 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\7z920.exe
    [2011/02/04 11:12:10 | 000,039,605 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\bootkit_remover.rar
    [2011/02/03 18:18:46 | 000,448,810 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/02/03 18:18:46 | 000,074,898 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/02/03 18:07:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/03 18:05:39 | 000,000,264 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2011/02/03 17:55:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/02/03 17:55:28 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/02/03 17:55:26 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2011/02/03 17:55:08 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2011/02/03 17:41:15 | 000,034,380 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/02/03 17:37:47 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/02/03 17:29:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2011/02/03 16:51:15 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Global.sw
    [2011/02/03 16:14:10 | 000,004,752 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/02/03 16:03:23 | 000,400,754 | ---- | M] () -- C:\WINDOWS\setupapi.old
    [2011/02/03 12:36:37 | 1073,184,768 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
    [2011/02/03 12:20:04 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\MBRCheck.exe
    [2011/02/03 07:21:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/26 16:37:26 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/01/26 14:22:23 | 000,755,946 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/01/26 14:12:14 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3114220536-1778455975-998574123-1007.job
    [2011/01/26 14:12:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3114220536-1778455975-998574123-1006.job
    [2011/01/26 14:12:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/01/26 14:11:36 | 000,282,128 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/01/26 07:03:20 | 000,430,619 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102649.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110203-115231.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110203-115226.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110203-115223.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110203-115216.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110203-115215.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110203-115212.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110203-115156.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-103255.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102903.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102901.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102759.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102758.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102757.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102755.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102754.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102753.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102751.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102733.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102730.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102725.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102724.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102723.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102717.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102713.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102704.backup
    [2011/01/26 07:03:20 | 000,430,619 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110126-102655.backup
    [2011/01/25 18:34:36 | 004,622,344 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Josh\My Documents\AVG Free 2011.exe
    [2011/01/22 18:32:08 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2011/01/13 14:53:34 | 000,001,673 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\Star Wars Knights of the Old Republic.lnk
    [2011/01/12 12:30:53 | 000,000,468 | ---- | M] () -- C:\WINDOWS\EReg072.dat
    [2011/01/12 10:34:56 | 000,000,724 | ---- | M] () -- C:\WINDOWS\eReg.dat
    [2011/01/10 09:22:02 | 000,001,973 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Games.lnk

    ========== Files Created - No Company Name ==========

    [2011/02/04 13:53:53 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\MBRCheck.exe
    [2011/02/04 13:41:57 | 002,565,432 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\NTBR_CD.exe
    [2011/02/04 12:17:01 | 004,263,406 | R--- | C] () -- C:\Documents and Settings\Josh\Desktop\1235.exe
    [2011/02/04 12:15:49 | 004,263,406 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\ComboFix.exe
    [2011/02/04 11:59:56 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2011/02/04 11:59:53 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/02/04 11:54:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/04 11:54:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/02/04 11:54:56 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/02/04 11:54:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/02/04 11:54:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/04 11:42:09 | 1073,152,000 | -HS- | C] () -- C:\hiberfil.sys
    [2011/02/04 11:21:08 | 001,110,476 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\7z920.exe
    [2011/02/04 11:15:21 | 000,039,605 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\bootkit_remover.rar
    [2011/02/03 18:00:48 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2011/02/03 17:59:50 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2011/02/03 17:59:35 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2011/02/03 17:59:34 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2011/02/03 17:59:31 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2011/02/03 17:59:12 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2011/02/03 17:59:01 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2011/02/03 17:58:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
    [2011/02/03 17:58:15 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2011/02/03 17:57:32 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
    [2011/02/03 17:22:33 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
    [2011/02/03 17:22:33 | 000,130,715 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
    [2011/02/03 17:22:33 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
    [2011/02/03 17:22:33 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
    [2011/02/03 17:22:33 | 000,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
    [2011/02/03 17:22:33 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
    [2011/02/03 17:22:32 | 002,008,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
    [2011/02/03 17:22:32 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2011/02/03 17:22:32 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2011/02/03 17:22:32 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
    [2011/02/03 17:22:32 | 000,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
    [2011/02/03 17:22:32 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2011/02/03 17:22:32 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
    [2011/02/03 17:22:32 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
    [2011/02/03 17:22:32 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2011/02/03 17:22:32 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
    [2011/02/03 17:22:32 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2011/02/03 17:22:32 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2011/02/03 17:22:32 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
    [2011/02/03 17:22:31 | 000,505,647 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
    [2011/02/03 12:25:14 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2011/02/03 12:25:14 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Josh\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    [2011/02/03 12:25:14 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    [2011/02/03 12:25:14 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    [2011/02/03 12:25:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Josh\Start Menu\Programs\Startup\CurseClientStartup.ccip
    [2011/01/26 13:38:33 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
    [2011/01/26 09:24:14 | 000,755,946 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/01/26 08:24:45 | 1073,184,768 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
    [2011/01/25 17:17:33 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
    [2011/01/25 17:17:33 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2011/01/15 13:52:55 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2011/01/13 14:53:34 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\Josh\Desktop\Star Wars Knights of the Old Republic.lnk
    [2011/01/11 13:01:48 | 000,000,468 | ---- | C] () -- C:\WINDOWS\EReg072.dat
    [2011/01/07 22:40:21 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3114220536-1778455975-998574123-1007.job
    [2011/01/07 22:40:21 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3114220536-1778455975-998574123-1007.job
    [2010/06/30 20:35:08 | 000,002,512 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2009/08/10 13:49:25 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\mcs.rma
    [2009/08/10 13:49:25 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\98D1AE
    [2009/07/11 12:35:58 | 000,000,504 | ---- | C] () -- C:\WINDOWS\ALLETTER.INI
    [2009/02/25 16:31:41 | 000,007,220 | ---- | C] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\slot1.mm1
    [2008/08/07 15:47:33 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\dvd.bmk
    [2008/08/04 17:53:06 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2008/06/26 19:01:04 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/02/29 21:27:57 | 000,000,012 | ---- | C] () -- C:\WINDOWS\ulead32.ini
    [2007/10/18 16:30:51 | 000,015,358 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/08/15 10:58:22 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2007/04/12 16:20:30 | 000,000,210 | ---- | C] () -- C:\Documents and Settings\Josh\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    [2007/04/04 11:24:21 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/03/09 12:31:03 | 000,039,242 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2007/03/09 11:36:55 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
    [2007/03/09 11:36:38 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
    [2007/03/09 11:36:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
    [2007/03/09 10:15:24 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2007/03/09 10:12:07 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Josh\Local Settings\Application Data\fusioncache.dat
    [2006/07/30 23:59:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini
    [2005/11/28 18:11:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/11/19 13:22:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/11/19 13:12:00 | 000,002,572 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/11/19 13:05:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/11/19 13:02:38 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
    [2005/11/19 12:37:34 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
    [2005/11/19 12:36:50 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
    [2004/08/10 05:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
    [2004/08/10 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2004/08/09 22:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [1997/06/13 20:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

    ========== LOP Check ==========

    [2009/02/11 10:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
    [2009/03/20 19:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
    [2009/02/14 11:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
    [2011/01/25 21:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2011/01/07 18:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buried In Time
    [2011/02/03 18:08:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2009/02/26 20:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
    [2009/03/21 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
    [2009/03/19 16:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2009/02/05 14:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LJZsoft
    [2009/04/06 21:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2008/12/21 16:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
    [2007/12/21 16:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
    [2009/04/06 20:10:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2011/02/03 11:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2005/11/19 13:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/01/03 19:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2009/01/22 12:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangentv1005
    [2010/05/02 20:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/09/11 14:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/04/26 20:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2011/01/09 20:57:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Virtual City
    [2011/01/09 20:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\YoudaGames
    [2009/11/27 22:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Acreon
    [2009/02/14 11:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\AT&T
    [2008/08/11 13:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Eyeblaster
    [2009/02/28 13:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Friday's games
    [2009/02/17 12:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Geneforge 3 Saved Games
    [2007/08/29 12:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Grisoft
    [2007/03/12 17:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Leadertech
    [2007/07/05 17:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\LucasArts
    [2008/12/21 16:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Nova Development
    [2007/12/21 16:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Otto
    [2009/03/16 15:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Petroglyph
    [2009/03/21 13:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\Total Eclipse
    [2009/06/15 07:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\WildTangentv1001
    [2009/04/16 19:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Josh\Application Data\WildTangentv1002

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/01/09 20:23:02 | 000,000,000 | ---- | M] () -- C:\AILog.txt
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/02/12 09:46:11 | 040,494,370 | ---- | M] () -- C:\BellSouthIW.reg
    [2011/02/03 17:37:47 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2011/02/04 13:22:34 | 000,000,326 | -HS- | M] () -- C:\boot.ini
    [2008/07/02 15:35:54 | 000,009,164 | ---- | M] () -- C:\CLDMA.LOG
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/02/04 14:33:31 | 000,016,674 | ---- | M] () -- C:\ComboFix.txt
    [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/02/11 10:40:32 | 000,000,216 | ---- | M] () -- C:\DebugTrace-RockallDLL.log
    [2005/11/19 12:42:02 | 000,005,599 | RH-- | M] () -- C:\dell.sdr
    [2011/02/04 13:52:38 | 1073,152,000 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/03 17:29:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2005/11/19 13:10:06 | 000,000,829 | -H-- | M] () -- C:\IPH.PH
    [2011/01/03 17:34:15 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2007/11/15 18:12:11 | 000,025,570 | ---- | M] () -- C:\MDacLog.txt
    [2008/04/19 09:37:12 | 000,003,580 | ---- | M] () -- C:\mombi.log
    [2005/08/16 04:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/10 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/07 10:15:44 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/02/04 13:52:36 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2009/04/06 20:09:45 | 000,000,204 | ---- | M] () -- C:\Plugins
    [2011/02/03 07:15:10 | 000,000,586 | ---- | M] () -- C:\rkill.log
    [2005/11/19 13:10:16 | 000,000,071 | ---- | M] () -- C:\SystemInfo.ini
    [2009/08/18 10:27:15 | 000,000,840 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2011/02/03 17:46:38 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/07/03 10:54:12 | 000,091,648 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4sa.dll
    [2007/03/15 14:32:10 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2007/10/20 17:21:50 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
    [2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >
    [2011/01/09 20:45:29 | 000,001,326 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\WildTangent Games.lnk

    < %APPDATA%\Microsoft\*.* >
    [2009/02/14 14:13:05 | 000,001,714 | -H-- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2007/08/15 10:58:23 | 000,000,251 | ---- | M] () -- C:\Program Files\wt3d.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2011/02/03 11:19:08 | 005,242,880 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2011/02/03 17:02:56 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
    [2011/02/03 11:19:08 | 038,535,168 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2011/02/03 11:19:08 | 007,602,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2011/02/03 17:55:41 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/03/09 10:12:22 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2005/08/16 04:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Josh\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/02/04 11:37:34 | 004,263,406 | R--- | M] () -- C:\Documents and Settings\Josh\Desktop\1235.exe
    [2011/02/04 11:20:28 | 001,110,476 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\7z920.exe
    [2011/02/04 11:37:34 | 004,263,406 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\ComboFix.exe
    [2011/02/03 12:20:04 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\MBRCheck.exe
    [2011/02/04 13:34:38 | 002,565,432 | ---- | M] () -- C:\Documents and Settings\Josh\Desktop\NTBR_CD.exe
    [2011/02/04 14:43:30 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Josh\Desktop\Old Time Geek.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2008/08/15 16:44:34 | 035,124,856 | ---- | M] ( ) -- C:\Documents and Settings\Josh\My Documents\AdbeRdr90_en_US.exe
    [2011/01/25 18:34:36 | 004,622,344 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Josh\My Documents\AVG Free 2011.exe
    [2009/03/19 16:50:12 | 062,270,256 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Josh\My Documents\avg_free_stf_en_85_278a1439.exe
    [2009/04/06 20:07:37 | 001,630,024 | ---- | M] () -- C:\Documents and Settings\Josh\My Documents\CombatArmsDownloaderV21.exe
    [2008/08/04 18:40:46 | 121,963,448 | ---- | M] ( ) -- C:\Documents and Settings\Josh\My Documents\CyberLink.1830U_DVD071109-06_R1_Trial_Ultra.exe
    [2007/04/11 12:23:59 | 012,985,371 | ---- | M] () -- C:\Documents and Settings\Josh\My Documents\fatebonus.exe
    [2007/03/12 18:12:38 | 000,116,079 | ---- | M] () -- C:\Documents and Settings\Josh\My Documents\isum_hotfix.exe
    [2008/08/02 20:28:35 | 063,530,280 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Josh\My Documents\iTunesSetup.exe
    [2008/08/04 17:48:31 | 007,096,997 | ---- | M] ( ) -- C:\Documents and Settings\Josh\My Documents\klcodec410s.exe
    [2008/07/02 15:21:36 | 029,398,885 | ---- | M] (CyberLink ) -- C:\Documents and Settings\Josh\My Documents\PDVD_6_trial_9lang.exe
    [2008/01/27 14:43:21 | 000,325,168 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Josh\My Documents\RealPlayer11GOLD.exe
    [2009/04/23 21:03:59 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Josh\My Documents\setup-spybotsd162.exe
    [2007/08/29 08:02:09 | 005,037,072 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Josh\My Documents\Spybot.exe
    [2008/08/15 17:13:12 | 000,185,008 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Josh\My Documents\uninstall_flash_player.exe
    [2008/08/02 19:58:15 | 012,983,416 | ---- | M] (W3i, LLC) -- C:\Documents and Settings\Josh\My Documents\VLC decoder.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/03/09 10:12:21 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Josh\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/05/18 10:39:05 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Josh\Cookies\desktop.ini
    [2011/02/04 14:33:34 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\Josh\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/10 05:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
    [2 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]

    < %SYSTEMROOT%\Installer\*.exe >
    [2004/10/29 21:56:50 | 000,466,944 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
    [6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 18:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 08:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 11:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 18:12:28 | 001,695,232 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:77A023CE
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:3E69E337

    < End of report >
     
    T&S,
    #16
  18. 2011/02/04
    broni Moderator Malware Analyst
    I still need Extras.txt

  19. 2011/02/04
    T&S Well-Known Member Thread Starter
    Sorry, missed that one.

    OTL Extras logfile created on: 2/4/2011 2:47:02 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Josh\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 566.00 Mb Available Physical Memory | 55.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.82 Gb Total Space | 30.12 Gb Free Space | 43.14% Space Free | Partition Type: NTFS
    Drive E: | 953.05 Mb Total Space | 863.13 Mb Free Space | 90.56% Space Free | Partition Type: FAT

    Computer Name: D7RS1W81 | User Name: Josh | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3114220536-1778455975-998574123-1006\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "56166:TCP" = 56166:TCP:*:Enabled:pando Media Booster
    "56166:UDP" = 56166:UDP:*:Enabled:pando Media Booster
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe
    "C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Documents and Settings\Josh\Local Settings\Apps\2.0\5GTWMJGC.2G6\RVY11BB3.ACE\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe" = C:\Documents and Settings\Josh\Local Settings\Apps\2.0\5GTWMJGC.2G6\RVY11BB3.ACE\curs..tion_eee711038731a406_0004.0000_172b37d8269e5e48\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
    "{11655C91-EF58-4aab-BF09-E8F205324FBF}" = BPDSoftware
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3DD1FE66-5536-41E3-B786-70068887B3F4}" = The Print Shop 12
    "{3E5D61E1-7F07-406D-9E84-5A22373AE897}" = Tetris 4000
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
    "{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
    "{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
    "{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
    "{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
    "{87791AF4-4D4C-43DC-97BF-05EEEE5187F2}" = e-Sword
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BAFFEF7F-08B3-45b3-B215-418175C4E9DD}" = c5200_Help
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D42B6F90-1084-4C9B-AF28-958926E6E32E}" = LP_Flash
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "7-Zip" = 7-Zip 9.20
    "989E4C3B-B2C9-4486-9A09-D5A8F953837C" = Bejeweled 2 Deluxe
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Advanced Drawing 1.10" = Advanced Drawing
    "ATI Display Driver" = ATI Display Driver
    "ATTToolbar" = AT&T Toolbar
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "BroadJump Client Foundation" = BroadJump Client Foundation
    "C2D8F0E2-6978-4409-8351-BA8785DA11EE" = FATE
    "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
    "KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.0 (Standard)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Musicmatch MCE" = Musicmatch MCE
    "ProInst" = Intel(R) PROSet/Wireless Software
    "RealPlayer 12.0" = RealPlayer
    "SimCity 3000" = SimCity 3000
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
    "Super Collapse! 3" = Super Collapse! 3
    "V CAST Music with Rhapsody" = V CAST Music with Rhapsody
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
    "WildTangent dell Master Uninstall" = WildTangent Games
    "WildTangent wildgames Master Uninstall" = WildTangent Games
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WTA-3ba841c8-c6e3-4b88-a9fb-f48f07bcb33d" = Trine
    "WTA-4182f4d5-2dca-4914-a1a4-d261d4cf5576" = Youda Survivor
    "WTA-56c4b9e1-91eb-408b-beb4-3a76c35ce57d" = Wheel of Fortune 2
    "WTA-7b9c32ef-207b-459e-bb6a-65ac1656bd4f" = Virtual Villagers 4 - The Tree of Life
    "WTA-82621fa3-f038-4d16-b916-2218ab9b715f" = Virtual Families
    "WTA-b1f7f9da-904e-4b02-864c-59623190cb5c" = Virtual City
    "WTA-bf7c0069-4951-4717-8547-09cafed9302d" = Virtual Villagers - The Secret City
    "WTA-c1413f58-e8c6-4269-9c63-2046dbad406c" = Virtual Villagers 2 - The Lost Children
    "WTA-c312e5ed-17c5-4c2c-bdcf-eb5c30a50318" = Twisted Lands: Shadow Town
    "WTA-fb1a2141-0777-4b01-a0c0-5e5c51b2d293" = Chronicles of Albian
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3114220536-1778455975-998574123-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/26/2011 3:53:34 PM | Computer Name = D7RS1W81 | Source = COM+ | ID = 135763
    Description = The run-time environment was unable to initialize for transactions
    required to support transactional components. Make sure that MS-DTC is running.
    (DtcGetTransactionManagerEx(): hr = 0x8004d01

    Error - 1/26/2011 3:53:34 PM | Computer Name = D7RS1W81 | Source = System.EnterpriseServices | ID = 0
    Description = System.EnterpriseServices failed to install. Please fix the problem
    (see exception below) and run 'regasm System.EnterpriseServices.dll' again to install
    System.EnterpriseServices. Exception: 'System.Runtime.InteropServices.COMException
    (0x8004E00F): COM+ was unable to talk to the Microsoft Distributed Transaction
    Coordinator at System.EnterpriseServices.Admin.ICatalog2.CurrentPartition(String
    bstrPartitionIDOrName) at System.EnterpriseServices.RegistrationHelperTx.InstallUtilityApplication(Type
    t)'

    Error - 1/26/2011 3:57:05 PM | Computer Name = D7RS1W81 | Source = VSS | ID = 4101
    Description = Volume Shadow Copy Service error: Cannot obtain the collection 'Applications'
    from the COM+ catalog [0x8004e00f].

    Error - 1/26/2011 4:16:16 PM | Computer Name = D7RS1W81 | Source = COM+ | ID = 135763
    Description = The run-time environment was unable to initialize for transactions
    required to support transactional components. Make sure that MS-DTC is running.
    (DtcGetTransactionManagerEx(): hr = 0x8004d01

    Error - 2/3/2011 7:42:48 PM | Computer Name = D7RS1W81 | Source = ASP.NET 1.0.3705.6018 | ID = 1031
    Description =

    Error - 2/3/2011 7:42:55 PM | Computer Name = D7RS1W81 | Source = COM+ | ID = 135763
    Description = The run-time environment was unable to initialize for transactions
    required to support transactional components. Make sure that MS-DTC is running.
    (DtcGetTransactionManagerEx(): hr = 0x8004d01

    Error - 2/3/2011 7:42:55 PM | Computer Name = D7RS1W81 | Source = System.EnterpriseServices | ID = 0
    Description = System.EnterpriseServices failed to install. Please fix the problem
    (see exception below) and run 'regasm System.EnterpriseServices.dll' again to install
    System.EnterpriseServices. Exception: 'System.Runtime.InteropServices.COMException
    (0x8004E00F): COM+ was unable to talk to the Microsoft Distributed Transaction
    Coordinator at System.EnterpriseServices.Admin.ICatalog2.CurrentPartition(String
    bstrPartitionIDOrName) at System.EnterpriseServices.RegistrationHelperTx.InstallUtilityApplication(Type
    t)'

    Error - 2/3/2011 7:46:48 PM | Computer Name = D7RS1W81 | Source = VSS | ID = 4101
    Description = Volume Shadow Copy Service error: Cannot obtain the collection 'Applications'
    from the COM+ catalog [0x8004e00f].

    Error - 2/3/2011 8:10:13 PM | Computer Name = D7RS1W81 | Source = COM+ | ID = 135763
    Description = The run-time environment was unable to initialize for transactions
    required to support transactional components. Make sure that MS-DTC is running.
    (DtcGetTransactionManagerEx(): hr = 0x8004d01

    Error - 2/4/2011 1:33:34 PM | Computer Name = D7RS1W81 | Source = MsiInstaller | ID = 11921
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
    1921. SA_Error1921: StandardAction(0xC0070781): Service 'AVG WatchDog' (avgwd)
    could not be stopped. Verify that you have sufficient privileges to stop system
    services.

    [ OSession Events ]
    Error - 5/22/2009 3:34:17 PM | Computer Name = D7RS1W81 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
    lasted 708 seconds with 480 seconds of active time. This session ended with a crash.

    Error - 6/8/2009 1:25:36 AM | Computer Name = D7RS1W81 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
    lasted 1691 seconds with 240 seconds of active time. This session ended with a
    crash.

    Error - 6/8/2009 3:37:10 AM | Computer Name = D7RS1W81 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
    Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
    lasted 157 seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 2/4/2011 3:53:05 PM | Computer Name = D7RS1W81 | Source = Service Control Manager | ID = 7001
    Description = The Remote Access Connection Manager service depends on the Telephony
    service which failed to start because of the following error: %%1058

    Error - 2/4/2011 3:53:05 PM | Computer Name = D7RS1W81 | Source = Service Control Manager | ID = 7001
    Description = The Remote Access Connection Manager service depends on the Telephony
    service which failed to start because of the following error: %%1058

    Error - 2/4/2011 3:53:05 PM | Computer Name = D7RS1W81 | Source = Service Control Manager | ID = 7001
    Description = The Remote Access Connection Manager service depends on the Telephony
    service which failed to start because of the following error: %%1058

    Error - 2/4/2011 3:53:05 PM | Computer Name = D7RS1W81 | Source = Service Control Manager | ID = 7001
    Description = The Remote Access Connection Manager service depends on the Telephony
    service which failed to start because of the following error: %%1058

    Error - 2/4/2011 3:55:45 PM | Computer Name = D7RS1W81 | Source = Service Control Manager | ID = 7001
    Description = The Remote Access Connection Manager service depends on the Telephony
    service which failed to start because of the following error: %%1058

    Error - 2/4/2011 3:55:45 PM | Computer Name = D7RS1W81 | Source = Service Control Manager | ID = 7001
    Description = The Remote Access Connection Manager service depends on the Telephony
    service which failed to start because of the following error: %%1058

    Error - 2/4/2011 4:20:02 PM | Computer Name = D7RS1W81 | Source = Service Control Manager | ID = 7001
    Description = The Remote Access Connection Manager service depends on the Telephony
    service which failed to start because of the following error: %%1058

    Error - 2/4/2011 4:22:38 PM | Computer Name = D7RS1W81 | Source = Service Control Manager | ID = 7001
    Description = The Remote Access Connection Manager service depends on the Telephony
    service which failed to start because of the following error: %%1058

    Error - 2/4/2011 4:22:39 PM | Computer Name = D7RS1W81 | Source = Service Control Manager | ID = 7001
    Description = The Remote Access Connection Manager service depends on the Telephony
    service which failed to start because of the following error: %%1058

    Error - 2/4/2011 4:33:40 PM | Computer Name = D7RS1W81 | Source = Service Control Manager | ID = 7001
    Description = The Remote Access Connection Manager service depends on the Telephony
    service which failed to start because of the following error: %%1058


    < End of report >
     
    T&S,
    #18
  20. 2011/02/04
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You can reinstall AVG AFTER running all of the following steps.

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [On_Demand | Stopped] -- -- (WTDownloadService)
      SRV - File not found [Auto | Stopped] -- -- (avg9wd)
      SRV - File not found [Auto | Stopped] -- -- (avg9emc)
      IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
      IE - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
      O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
      O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
      O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
      O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - No CLSID value found.
      O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
      O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
      O4 - HKLM..\Run: [SiteAdvisor] File not found
      O4 - HKU\S-1-5-21-3114220536-1778455975-998574123-1006..\Run: [Spyware Doctor with AntiVirus] File not found
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = File not found
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = File not found
      O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
      O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
      O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
      O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
      O15 - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
      O15 - HKU\S-1-5-21-3114220536-1778455975-998574123-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
      O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Key error.)
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Reg Error: Key error.)
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
      O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/sh...0/mcinsctl.cab (Reg Error: Key error.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mystery%20P.I.%20-%20The%20New%20York%20Fortune/Images/armhelper.ocx (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/41/...l/gtdownde.cab (Reg Error: Key error.)
      O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
      O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
      [2011/01/26 16:53:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
      [2011/01/25 21:41:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
      [2011/01/25 18:45:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
      [2011/01/25 21:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
      [2005/11/19 13:10:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:77A023CE
      @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
      @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:3E69E337
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
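A small triage helper, added here as an example (it is not OTL's code or broni's tooling), that reads lines in the format of the fix script above and picks out the entries OTL marks as pointing at nothing: services with no binary, BHO/toolbar/URLSearchHook/DPF CLSIDs with no class registration or broken key, Run/Startup/BootExecute targets that are gone, and alternate data streams on a Temp folder. The patterns are written from the line shapes shown above and the sample log is constructed.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's own code).
It flags the entries OTL marks as orphaned, which is what a helper scans for when
drafting a fix; regexes follow the line shapes above, sample input is constructed."""
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Markers OTL prints when an entry refers to something that no longer exists.
# Most specific first, so a line carrying two markers keeps the precise reason.
ORPHAN_MARKERS = ("No CLSID value found", "Reg Error: Key error", "File not found")

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SRV_RE = re.compile(r"^SRV - .*?\((?P<name>[^()]+)\)\s*$")      # "(service name)" at end
RUN_RE = re.compile(r"\\Run: \[(?P<name>[^\]]+)\]")              # Run: [value name]
STARTUP_RE = re.compile(r"Startup: (?P<path>.+?\.lnk) =")         # Startup: path.lnk =
BOOTEXEC_RE = re.compile(r"BootExecute: \((?P<cmd>[^)]+)\)")      # BootExecute: (command)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # OTL section tag: SRV, IE, O2, O3, O4, O9, O16, O34, or ADS
    ident: str   # what the entry points at: service name, CLSID, path or command
    reason: str  # the OTL marker that caused the flag


def _marker(line: str) -> Optional[str]:
    for marker in ORPHAN_MARKERS:
        if marker in line:
            return marker
    return None


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one OTL line, or None when the entry resolves normally."""
    line = line.strip()
    ads = ADS_RE.match(line)
    if ads:
        # Streams hanging off a Temp folder carry hidden data; OTL lists them so
        # the fix can remove them, so report them alongside the orphaned entries.
        return Finding("ADS", ads.group("target"), f"{ads.group('size')}-byte stream")
    reason = _marker(line)
    if reason is None:
        return None
    kind = line.split(" ", 1)[0]
    if kind == "SRV":
        m = SRV_RE.match(line)
        ident = m.group("name") if m else line
    elif kind == "O4":
        m = RUN_RE.search(line) or STARTUP_RE.search(line)
        ident = m.group(1) if m else line
    elif kind == "O34":
        m = BOOTEXEC_RE.search(line)
        ident = m.group("cmd") if m else line
    else:  # IE, O2, O3, O9, O16: the entry is identified by its CLSID
        m = CLSID_RE.search(line)
        ident = m.group(0) if m else line
    return Finding(kind, ident, reason)


def find_orphans(lines: Iterable[str]) -> List[Finding]:
    """Run classify over a whole log and keep only the flagged entries."""
    return [f for f in (classify(ln) for ln in lines) if f is not None]


def summarize(findings: Iterable[Finding]) -> Dict[str, int]:
    """Count flagged entries per OTL section, e.g. {'O2': 6, 'O3': 3}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Constructed sample in the shape of the fix list above; names and CLSIDs are placeholders.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- -- (ExampleLeftoverSvc)
IE - HKU\.DEFAULT\..\URLSearchHook: {11111111-2222-3333-4444-555555555555} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - No CLSID value found.
O2 - BHO: (Example Helper) - {99999999-8888-7777-6666-555555555555} - C:\Program Files\Example\helper.dll (Example Corp.)
O4 - HKLM..\Run: [OldScanner] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Old Monitor.lnk = File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\Example\chk.exe /sync) - File not found
@Alternate Data Stream - 97 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DEADBEEF
"""


def sample_findings() -> List[Finding]:
    return find_orphans(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    found = sample_findings()
    for f in found:
        print(f"{f.kind:<4} {f.ident}  [{f.reason}]")
    print(summarize(found))
```

Lines that resolve normally (the Example Helper BHO above, or the AVG Firefox extension line in the fix script) are skipped, so the output is only what a helper would consider for an :OTL fix section.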
     
  21. 2011/02/04
    T&S

    T&S Well-Known Member Thread Starter

    Joined:
    2002/04/08
    Messages:
    163
    Likes Received:
    0
    Great! I can get online.

    The first site directs me to "How do I test whether Java is working on my computer?"

    It has resources to the side to install, remove older versions etc.

    Java has not worked properly in the past with this pc. Should I follow link to remove older version and reinstall a new one?
     
    T&S,
    #20
