
Solved: XP won't connect to internet

Discussion in 'Malware and Virus Removal Archive' started by KRB, 2011/05/16.

  1. 2011/05/16
    KRB

    KRB Inactive Thread Starter

    Joined:
    2010/07/27
    Messages:
    98
    Likes Received:
    0
    [Resolved] XP won't connect to internet

    For the past week my family's XP computer hasn't been able to connect to the internet, but all the others in the house will connect.
    Well, after running Malwarebytes and GMER the internet works now, but I figured I'd post just to make sure I've cleaned everything.

    Malwarebytes log
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6587

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    16/05/2011 12:47:47 AM
    mbam-log-2011-05-16 (00-47-46).txt

    Scan type: Quick scan
    Objects scanned: 192874
    Time elapsed: 29 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 2
    Registry Data Items Infected: 4
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ( "C:\Documents and Settings\Bahuaud\Local Settings\Application Data\srn.exe" -a "C:\Program Files\Internet Explorer\IEXPLORE.EXE ") Good: (iexplore.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\zrpt.xml (Malware.Trace) -> Quarantined and deleted successfully.
     
    KRB,
    #1
  2. 2011/05/16
    KRB

    GMER 1.0.15.15627 - http://www.gmer.net
    Rootkit scan 2011-05-16 21:28:51
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3250824AS rev.3.AHH
    Running: i6jp8l75.exe; Driver: C:\DOCUME~1\Bahuaud\LOCALS~1\Temp\ugdyyaog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF321D6C0]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF321D770]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF321D810]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF321D8B0]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6F4E360, 0x20574D, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 280A74D0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 280A7330 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 280A72B0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 280A7580 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 280A73B0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 280A75F0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 280A6AF0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] kernel32.dll!FindResourceExA 7C835FA8 7 Bytes JMP 280A7440 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 7 Bytes JMP 280A65F0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 280A6650 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] USER32.dll!GetWindowLongW 7E4188A6 7 Bytes JMP 280ABCE0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 280A9780 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] USER32.dll!SetWindowPlacement 7E41DE46 5 Bytes JMP 280AB290 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 280AB3E0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] USER32.dll!LoadImageW 7E427B97 5 Bytes JMP 280ABA30 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 280A8AA0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] USER32.dll!SetWindowRgn 7E42E528 7 Bytes JMP 280AB330 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] USER32.dll!LoadIconW 7E42E8BC 5 Bytes JMP 280ABBB0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 280AB610 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 280A9E70 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 280B0450 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] WS2_32.dll!send 71AB4C27 5 Bytes JMP 280B0110 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 280AFF60 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] WS2_32.dll!recv 71AB676F 5 Bytes JMP 280AFE30 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 280B0280 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 280A8210 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 280A7BD0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] ole32.dll!CoInitializeEx 77501473 5 Bytes JMP 280A7850 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] ole32.dll!CoRegisterClassObject 775179C0 5 Bytes JMP 280A7950 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 280AF040 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 280AF180 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 280AEEE0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2560] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 280AF0E0 C:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
    .text C:\Program Files\Xfire\Xfire.exe[3248] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 038337AC C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 03833150 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 03832BC8 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 03832B2D C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 03832A99 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 0383329B C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 038333E9 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 038331F7 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!InvalidateRect 7E428FD5 5 Bytes JMP 03832D10 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!BeginPaint 7E428FE9 5 Bytes JMP 03832A05 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 03832EE4 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 03832F7C C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!RedrawWindow 7E429944 5 Bytes JMP 03833017 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0383333F C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!IsWindowVisible 7E429E3D 7 Bytes JMP 0383353A C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!SetFocus 7E42B112 5 Bytes JMP 03832C78 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!SetCapture 7E42C35E 5 Bytes JMP 03832E4C C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!InvalidateRgn 7E42CDFE 5 Bytes JMP 03832DAE C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 03833481 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!RegisterClassA 7E42EA5E 5 Bytes JMP 038330B8 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)
    .text C:\Program Files\Xfire\Xfire.exe[3248] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 03833702 C:\Program Files\Xfire\xfire_toucan_44183.dll (Xfire Toucan DLL/Xfire Inc.)

    ---- EOF - GMER 1.0.15 ----
     
    Last edited: 2011/05/16
    KRB,
    #2

  4. 2011/05/16
    KRB

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x000003fc

    Kernel Drivers (total 140):

    Processes (total 73):
    0 System Idle Process
    4 System
    492 C:\WINDOWS\system32\smss.exe
    524 C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    736 csrss.exe
    760 C:\WINDOWS\system32\winlogon.exe
    816 C:\WINDOWS\system32\services.exe
    836 C:\WINDOWS\system32\lsass.exe
    996 C:\WINDOWS\system32\svchost.exe
    1060 svchost.exe
    1140 C:\WINDOWS\system32\svchost.exe
    1208 svchost.exe
    1280 svchost.exe
    1420 C:\WINDOWS\system32\spoolsv.exe
    1480 svchost.exe
    1556 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1752 C:\WINDOWS\explorer.exe
    1796 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    1856 C:\Program Files\Bonjour\mDNSResponder.exe
    1924 C:\WINDOWS\ehome\ehrecvr.exe
    1956 C:\WINDOWS\ehome\ehSched.exe
    244 C:\WINDOWS\system32\svchost.exe
    392 C:\Program Files\Java\jre6\bin\jqs.exe
    712 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    840 C:\Program Files\LogMeIn\x86\ramaint.exe
    1164 C:\Program Files\LogMeIn\x86\LogMeIn.exe
    1112 C:\WINDOWS\system32\nvsvc32.exe
    1596 C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    1668 C:\WINDOWS\system32\HPZipm12.exe
    1808 C:\WINDOWS\ehome\RMSvc.exe
    1884 C:\WINDOWS\ehome\ehtray.exe
    2076 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    2096 C:\WINDOWS\RTHDCPL.exe
    2116 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    2144 C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
    2232 C:\Program Files\AVG\AVG10\avgtray.exe
    2312 svchost.exe
    2380 C:\WINDOWS\system32\svchost.exe
    2456 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    2476 C:\Program Files\iTunes\iTunesHelper.exe
    2560 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    2612 C:\WINDOWS\system32\ctfmon.exe
    2620 C:\Program Files\Messenger\msmsgs.exe
    2632 C:\Program Files\PrinterShare\paConsole.exe
    2712 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2832 C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
    2976 C:\WINDOWS\ehome\RMSysTry.exe
    3032 C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    3080 C:\Program Files\AVG\AVG10\avgnsx.exe
    3172 C:\Program Files\AVG\AVG10\avgemcx.exe
    3232 McrdSvc.exe
    3248 C:\Program Files\Xfire\Xfire.exe
    3328 C:\Program Files\OpenOffice.org 3\program\soffice.exe
    3404 C:\Program Files\IncrediMail\Bin\ImApp.exe
    3472 wmpnetwk.exe
    3812 C:\Program Files\OpenOffice.org 3\program\soffice.bin
    4072 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    472 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    2364 C:\Program Files\Hp\Digital Imaging\bin\hpqste08.exe
    1116 C:\WINDOWS\system32\dllhost.exe
    512 C:\WINDOWS\system32\wscntfy.exe
    3636 C:\Program Files\iPod\bin\iPodService.exe
    4116 alg.exe
    4532 C:\WINDOWS\ehome\ehmsas.exe
    4028 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    5456 C:\WINDOWS\system32\notepad.exe
    3704 C:\Program Files\IncrediMail\Bin\IncMail.exe
    2940 C:\Program Files\Internet Explorer\iexplore.exe
    5472 C:\Program Files\Internet Explorer\iexplore.exe
    1300 C:\Program Files\Internet Explorer\iexplore.exe
    5184 C:\WINDOWS\system32\msiexec.exe
    5792 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    2548 C:\Documents and Settings\Bahuaud\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x0000001d`1c84c000 (NTFS)

    PhysicalDrive0 Model Number: ST3250824AS, Rev: 3.AHH

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
    KRB,
    #3
  5. 2011/05/16
    KRB

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Bahuaud at 21:46:18.07 on 16/05/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.176 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ===============
    .
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SmileboxTray] "c:\documents and settings\bahuaud\application data\smilebox\SmileboxTray.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [PrinterShare] c:\program files\printershare\paConsole.exe -minimized
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\bahuaud\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\bahuaud\startm~1\programs\startup\xfire.lnk - c:\program files\xfire\Xfire.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {0449A3DB-050C-4895-9236-D9B11778459B} - hxxp://content.dll1.com/Connectus/SmartCouponPrinter/vigorate/SmartCouponPrinterVig.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262282538093
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\bahuaud\applic~1\mozilla\firefox\profiles\gmxg6yvr.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MyStart Search
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2724386&q=
    FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\documents and settings\bahuaud\application data\mozilla\firefox\profiles\gmxg6yvr.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\bahuaud\application data\mozilla\firefox\profiles\gmxg6yvr.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}\components\RadioWMPCore.dll
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\bahuaud\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\bahuaud\application data\mozilla\firefox\profiles\gmxg6yvr.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
    FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: Downloads in Tab: downintab@max.max - %profile%\extensions\downintab@max.max
    FF - Ext: Save Session: savesession@noasobi.net - %profile%\extensions\savesession@noasobi.net
    FF - Ext: Open Image In New Tab: imagetab@next.gen.nz - %profile%\extensions\imagetab@next.gen.nz
    FF - Ext: Tab Saver!: {7A074BE0-2326-436d-B473-029FAEBEB5C6} - %profile%\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
    FF - Ext: Coral IE Tab: ietab@ip.cn - %profile%\extensions\ietab@ip.cn
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-14 47640]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2011-3-4 7040]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-8 136176]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-12 947528]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-8 136176]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2011-05-10 03:33:05 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-04-19 07:20:43 -------- d--h--w- c:\windows\PIF
    2011-04-19 05:04:51 -------- d-----w- c:\docume~1\bahuaud\applic~1\FrostWire
    .
    ==================== Find3M ====================
    .
    2011-04-08 11:28:58 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-18 21:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    .
    ============= FINISH: 21:47:17.23 ===============

    If you still need Attach.txt, just ask, as it says not to post it.
     
    KRB,
    #4
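    As an added example (not part of the original post, and not a feature of DDS or Malwarebytes), the script below triages the kinds of Pseudo HJT lines shown in the log above: BHOs whose DLL is gone, DPF (ActiveX download) entries from hosts outside a small allow-list, Firefox search prefs redirected to a known toolbar search host, autostarts launched from a user-profile directory, and an IE ProxyServer setting. The allow-list of trusted DPF hosts and the list of search-redirect hosts are assumptions for illustration; the sample lines are copied from the log above except the ProxyServer line, which is constructed to exercise that rule.

```python
"""Added example: triage DDS "Pseudo HJT Report" lines for common hijack patterns.
Allow-lists below are assumptions for illustration, not an authoritative source."""
import re
from urllib.parse import urlparse

# Hosts that routinely serve DPF (ActiveX) cabs on a stock XP machine.
# Assumption: illustrative allow-list; extend for your own environment.
TRUSTED_DPF_HOSTS = {
    "download.microsoft.com", "update.microsoft.com", "messenger.zone.msn.com",
    "java.sun.com", "secure.logmein.com", "h20264.www2.hp.com",
}
# Search redirectors commonly installed by bundled toolbars (assumption).
SEARCH_REDIRECT_HOSTS = {"search.conduit.com", "mystart.com"}
# Autostart locations that legitimate installers rarely use on XP.
PROFILE_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")

_DPF = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} - (\S+)")
_FF_URL = re.compile(r"^FF - prefs\.js: (browser\.search\.defaulturl|"
                     r"browser\.startup\.homepage|keyword\.URL) - (\S+)")
_RUN = re.compile(r"^[umd]Run: \[[^\]]+\] (.+)$")
_PROXY = re.compile(r"^[um]Internet Settings,ProxyServer = (\S+)")


def host_of(url):
    """DDS defangs URLs as hxxp(s)://; restore the scheme before parsing."""
    return (urlparse(re.sub(r"^hxxp", "http", url)).hostname or "").lower()


def triage_line(line):
    """Classify one report line; returns (severity, reason) or None if benign."""
    line = line.strip()
    if line.startswith("BHO:") and line.endswith("- No File"):
        return ("low", "BHO registered but DLL missing (orphaned CLSID)")
    m = _DPF.match(line)
    if m:
        h = host_of(m.group(1))
        if h not in TRUSTED_DPF_HOSTS:
            return ("medium", "ActiveX download from unlisted host %s" % h)
        return None
    m = _FF_URL.match(line)
    if m:
        h = host_of(m.group(2))
        if h in SEARCH_REDIRECT_HOSTS:
            return ("medium", "Firefox %s redirected to %s" % (m.group(1), h))
        return None
    m = _RUN.match(line)
    if m:
        target = m.group(1).lower()
        if any(d in target for d in PROFILE_DIRS):
            return ("medium", "autostart runs from a user-profile directory")
        return None
    m = _PROXY.match(line)
    if m:
        return ("high", "IE proxy set to %s; check for traffic interception" % m.group(1))
    return None


def triage_report(text):
    """Run triage_line over a whole report; returns findings in report order."""
    findings = []
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append({"severity": hit[0], "reason": hit[1], "line": line.strip()})
    return findings


# Sample lines copied from the DDS log above, plus one constructed
# ProxyServer line (not in that log) to exercise the proxy rule.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = http=127.0.0.1:8080
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
uRun: [SmileboxTray] "c:\documents and settings\bahuaud\application data\smilebox\SmileboxTray.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
DPF: {0449A3DB-050C-4895-9236-D9B11778459B} - hxxp://content.dll1.com/Connectus/SmartCouponPrinter/vigorate/SmartCouponPrinterVig.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2724386&q=
"""

if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        print("[%s] %s\n    %s" % (f["severity"].upper(), f["reason"], f["line"]))
```

    A hit here means "look again", not "malicious": SmileboxTray is a legitimate program that happens to run from Application Data, while the ctfmon.exe and Microsoft DPF lines pass because they match the stock locations. The proxy rule is the one that explains a "can't connect to the internet" symptom, since a dead or attacker-controlled ProxyServer value breaks browsing on that one machine while the rest of the house is fine.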
  6. 2011/05/16
    broni (Moderator, Malware Analyst)
    Yes, please post Attach.txt as well.

    When done....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2011/05/16
    KRB (Inactive, Thread Starter)
    attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 31/12/2009 12:40:43 AM
    System Uptime: 16/05/2011 1:52:21 AM (20 hours ago)
    .
    Motherboard: ASUSTek Computer INC. | | NODUSM3
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ | Socket AM2 | 2204/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 116 GiB total, 49.328 GiB free.
    D: is FIXED (NTFS) - 116 GiB total, 97.262 GiB free.
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    I: is CDROM ()
    J: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: AVG miniport driver
    Device ID: ROOT\GR_AVGFWMP\0000
    Manufacturer: AVG Technologies
    Name: NVIDIA nForce Networking Controller - AVG miniport driver
    PNP Device ID: ROOT\GR_AVGFWMP\0000
    Service: Avgfwdx
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: AVG miniport driver
    Device ID: ROOT\GR_AVGFWMP\0001
    Manufacturer: AVG Technologies
    Name: WAN Miniport (IP) - AVG miniport driver
    PNP Device ID: ROOT\GR_AVGFWMP\0001
    Service: Avgfwdx
    .
    ==== System Restore Points ===================
    .
    RP203: 16/02/2011 2:21:56 AM - System Checkpoint
    RP204: 17/02/2011 3:43:57 AM - System Checkpoint
    RP205: 18/02/2011 6:39:00 AM - System Checkpoint
    RP206: 19/02/2011 7:19:30 AM - System Checkpoint
    RP207: 20/02/2011 10:12:01 AM - System Checkpoint
    RP208: 21/02/2011 2:29:58 PM - System Checkpoint
    RP209: 22/02/2011 10:42:08 PM - System Checkpoint
    RP210: 23/02/2011 3:29:48 PM - Installed Control Media
    RP211: 24/02/2011 4:18:47 PM - System Checkpoint
    RP212: 25/02/2011 5:24:48 PM - System Checkpoint
    RP213: 26/02/2011 6:21:44 PM - System Checkpoint
    RP214: 27/02/2011 6:23:01 PM - System Checkpoint
    RP215: 28/02/2011 6:54:50 PM - System Checkpoint
    RP216: 01/03/2011 9:46:49 PM - System Checkpoint
    RP217: 02/03/2011 10:21:03 PM - System Checkpoint
    RP218: 03/03/2011 10:41:21 PM - System Checkpoint
    RP219: 05/03/2011 1:17:33 AM - System Checkpoint
    RP220: 06/03/2011 2:02:28 AM - System Checkpoint
    RP221: 07/03/2011 2:17:32 AM - System Checkpoint
    RP222: 07/03/2011 6:51:05 PM - Removed PrinterShare 2.3.04
    RP223: 07/03/2011 6:51:19 PM - Installed PrinterShare 2.3.05
    RP224: 08/03/2011 8:10:39 PM - System Checkpoint
    RP225: 09/03/2011 8:34:51 PM - System Checkpoint
    RP226: 10/03/2011 9:13:24 PM - System Checkpoint
    RP227: 12/03/2011 9:53:27 AM - System Checkpoint
    RP228: 13/03/2011 4:00:16 AM - Software Distribution Service 3.0
    RP229: 14/03/2011 6:34:10 AM - System Checkpoint
    RP230: 15/03/2011 7:04:26 AM - System Checkpoint
    RP231: 16/03/2011 7:20:52 AM - System Checkpoint
    RP232: 17/03/2011 7:26:30 AM - System Checkpoint
    RP233: 18/03/2011 8:16:36 AM - System Checkpoint
    RP234: 19/03/2011 10:23:08 AM - System Checkpoint
    RP235: 20/03/2011 3:00:33 AM - Software Distribution Service 3.0
    RP236: 21/03/2011 10:19:06 AM - System Checkpoint
    RP237: 22/03/2011 11:14:53 AM - System Checkpoint
    RP238: 23/03/2011 1:55:57 PM - System Checkpoint
    RP239: 24/03/2011 2:04:12 PM - System Checkpoint
    RP240: 25/03/2011 2:37:20 PM - Software Distribution Service 3.0
    RP241: 26/03/2011 2:40:20 PM - System Checkpoint
    RP242: 27/03/2011 6:12:02 PM - System Checkpoint
    RP243: 28/03/2011 9:35:26 PM - System Checkpoint
    RP244: 29/03/2011 10:39:53 PM - System Checkpoint
    RP245: 30/03/2011 11:21:07 PM - System Checkpoint
    RP246: 01/04/2011 12:06:26 AM - System Checkpoint
    RP247: 02/04/2011 2:04:34 AM - System Checkpoint
    RP248: 03/04/2011 2:39:30 AM - System Checkpoint
    RP249: 04/04/2011 2:40:38 AM - System Checkpoint
    RP250: 05/04/2011 3:45:26 AM - System Checkpoint
    RP251: 06/04/2011 4:12:52 AM - System Checkpoint
    RP252: 07/04/2011 7:37:45 AM - System Checkpoint
    RP253: 08/04/2011 8:49:55 AM - System Checkpoint
    RP254: 09/04/2011 9:37:58 AM - System Checkpoint
    RP255: 10/04/2011 9:56:14 AM - System Checkpoint
    RP256: 11/04/2011 10:07:01 AM - System Checkpoint
    RP257: 12/04/2011 10:29:48 AM - System Checkpoint
    RP258: 13/04/2011 11:31:19 AM - System Checkpoint
    RP259: 14/04/2011 12:53:25 PM - System Checkpoint
    RP260: 15/04/2011 1:51:52 PM - System Checkpoint
    RP261: 16/04/2011 2:39:56 PM - System Checkpoint
    RP262: 17/04/2011 3:00:38 AM - Software Distribution Service 3.0
    RP263: 18/04/2011 7:37:06 AM - System Checkpoint
    RP264: 19/04/2011 7:38:58 AM - System Checkpoint
    RP265: 20/04/2011 8:12:56 AM - System Checkpoint
    RP266: 21/04/2011 2:57:34 AM - Software Distribution Service 3.0
    RP267: 22/04/2011 5:57:31 AM - System Checkpoint
    RP268: 23/04/2011 6:48:36 PM - System Checkpoint
    RP269: 24/04/2011 10:23:10 PM - System Checkpoint
    RP270: 25/04/2011 10:28:19 PM - System Checkpoint
    RP271: 26/04/2011 10:39:48 PM - System Checkpoint
    RP272: 27/04/2011 11:01:13 PM - System Checkpoint
    RP273: 28/04/2011 2:52:59 AM - Software Distribution Service 3.0
    RP274: 29/04/2011 4:32:41 AM - System Checkpoint
    RP275: 30/04/2011 5:01:18 AM - System Checkpoint
    RP276: 01/05/2011 5:58:05 AM - System Checkpoint
    RP277: 02/05/2011 7:59:08 AM - System Checkpoint
    RP278: 03/05/2011 8:16:45 AM - System Checkpoint
    RP279: 04/05/2011 1:06:04 PM - System Checkpoint
    RP280: 05/05/2011 1:10:15 PM - System Checkpoint
    RP281: 06/05/2011 5:14:33 PM - System Checkpoint
    RP282: 07/05/2011 10:11:06 PM - System Checkpoint
    RP283: 09/05/2011 12:55:14 AM - System Checkpoint
    RP284: 10/05/2011 12:44:41 PM - System Checkpoint
    RP285: 11/05/2011 5:49:10 PM - System Checkpoint
    RP286: 12/05/2011 9:05:27 PM - System Checkpoint
    RP287: 13/05/2011 9:29:38 PM - System Checkpoint
    RP288: 15/05/2011 1:17:35 AM - System Checkpoint
    RP289: 16/05/2011 1:35:53 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    ActiveHome Pro
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.1
    AiO_Scan_CDA
    AiOSoftwareNPI
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2011
    BarGenie
    Bonjour
    BufferChm
    CCleaner
    Control Media
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    Data Fax SoftModem with SmartCP
    Destinations
    DeviceManagementQFolder
    DocProc
    eSupportQFolder
    F300
    F300_Help
    F300Trb
    Facebook Plug-In
    Fax_CDA
    ffdshow v1.1.3507 [2010-07-07]
    GIMP 2.6.4
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB895961-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB954708)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Driver Diagnostics
    HP Imaging Device Functions 6.1
    HP Photosmart Essential
    HP PSC & OfficeJet 6.1.A
    HP Software Update
    HP Solution Center and Imaging Support Tools 6.1
    HPProductAssistant
    IncrediMail
    IncrediMail 2.0
    IrfanView (remove only)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 21
    LogMeIn
    Malwarebytes' Anti-Malware
    MCEBrowser
    Media Center Extender
    Messenger Plus! 5
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    MobileMe Control Panel
    Mozilla Firefox (3.5.19)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NewCopy_CDA
    Notepad++
    NVIDIA Drivers
    O2Micro Flash Memory Card Reader Driver Installer(x86)
    OpenOffice.org 3.1
    Photo Notifier and Animation Creator
    PhotoMail Maker
    PrinterShare 2.3.05
    ProductContextNPI
    QuickTime
    Readme
    Realtek High Definition Audio Driver
    Scan
    ScannerCopy
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    SmartFTP Client
    SmartFTP Client 4.0 Setup Files (remove only)
    Smilebox
    SolutionCenter
    SPORE™
    Status
    TapiRex Reverse Lookup Plugin for WhitePages.ca® 1.7.2
    Toolbox
    TrayApp
    TVersity Media Server 1.9
    Tweak UI
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB905589
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinRAR archiver
    World of Warcraft
    WOT for Internet Explorer
    X10 Hardware(TM)
    Xfire (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    16/05/2011 1:56:56 AM, error: System Error [1003] - Error code 100000d1, parameter1 0000000c, parameter2 00000006, parameter3 00000001, parameter4 f741b5f7.
    16/05/2011 1:55:48 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TVersityMediaServer service to connect.
    16/05/2011 1:09:15 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort2.
    16/05/2011 1:04:52 AM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
    14/05/2011 12:28:59 AM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
    14/05/2011 12:22:14 AM, error: Dhcp [1002] - The IP address lease 192.168.0.100 for the Network Card with network address 0018F3A67D91 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    09/05/2011 5:10:26 AM, error: Dhcp [1002] - The IP address lease 192.168.0.101 for the Network Card with network address 0018F3A67D91 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================

    ComboFix 11-05-16.02 - Bahuaud 16/05/2011 22:37:51.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.359 [GMT -5:00]
    Running from: c:\documents and settings\Bahuaud\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Bahuaud\Templates\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
    C:\skypexxxxx.exe
    c:\skypexxxxx.exe\config.bin
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-17 to 2011-05-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-10 03:33 . 2011-05-10 03:33 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2011-04-19 07:20 . 2011-04-19 07:20 -------- d--h--w- c:\windows\PIF
    2011-04-19 05:04 . 2011-04-19 07:55 -------- d-----w- c:\documents and settings\Bahuaud\Application Data\FrostWire
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-08 11:28 . 2011-04-08 11:28 41872 ----a-w- c:\windows\system32\xfcodec.dll
    2011-03-07 05:33 . 2009-12-31 06:36 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:37 . 2004-08-10 12:00 420864 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2004-08-10 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-22 23:06 . 2004-08-10 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-02-22 23:06 . 2004-08-10 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-02-22 23:06 . 2004-08-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-22 11:41 . 2004-08-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-02-18 21:36 . 2010-01-03 19:08 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2011-02-18 21:36 . 2010-01-03 19:08 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
    2011-02-17 13:18 . 2004-08-10 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2004-08-10 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2009-12-31 19:03 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2011-05-10 353736]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
    "SmileboxTray"="c:\documents and settings\Bahuaud\Application Data\Smilebox\SmileboxTray.exe" [2010-10-05 304448]
    "PrinterShare"="c:\program files\PrinterShare\paConsole.exe" [2011-02-22 1107456]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-29 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
    "nwiz"="nwiz.exe" [2006-05-09 1519616]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
    "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\Bahuaud\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
    Xfire.lnk - c:\program files\Xfire\Xfire.exe [2011-4-8 3510160]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Extender Resource Monitor.lnk - c:\windows\ehome\RMSysTry.exe [2005-10-20 18432]
    HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-12-08 19:11 87424 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\IncrediMail\\Bin\\IncMail.exe"=
    "c:\\Program Files\\IncrediMail\\Bin\\ImApp.exe"=
    "c:\\Program Files\\IncrediMail\\Bin\\ImpCnt.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Xfire\\Xfire.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\PrinterShare\\paConsole.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.exe"=
    "c:\\Program Files\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
    "c:\\Program Files\\PrinterShare\\paProgress.exe"=
    "c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
    "c:\\Program Files\\World of Warcraft\\Launcher.patch.exe"=
    "c:\\Program Files\\World of Warcraft\\Blizzard Downloader.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\\Program Files\\Common Files\\X10\\Common\\X10nets.exe"=
    "c:\\Program Files\\ActiveHome Pro\\ActiveHm.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\World of Warcraft\\Temp\\wow-4.1.0.2317-enUS-tools-downloader.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3776:UDP"= 3776:UDP:Media Center Extender Service
    "3390:TCP"= 3390:TCP:Remote Media Center Experience
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
    "8777:TCP"= 8777:TCP:ActivePhone
    .
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [08/12/2010 2:11 PM 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17/09/2010 4:40 PM 12856]
    R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [04/03/2011 11:43 PM 7040]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/01/2011 3:20 AM 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [08/01/2011 3:20 AM 136176]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-17 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    .
    2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 08:19]
    .
    2011-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-08 08:19]
    .
    2011-05-17 c:\windows\Tasks\User_Feed_Synchronization-{92D47641-43EB-461A-B2A8-17FB1147D5B3}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
    DPF: {0449A3DB-050C-4895-9236-D9B11778459B} - hxxp://content.dll1.com/Connectus/SmartCouponPrinter/vigorate/SmartCouponPrinterVig.cab
    FF - ProfilePath - c:\documents and settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - MyStart Search
    FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2724386&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    FF - Ext: Flagfox: {1018e4d6-728f-4b20-ad56-37578a4de76b} - %profile%\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    FF - Ext: Downloads in Tab: downintab@max.max - %profile%\extensions\downintab@max.max
    FF - Ext: Save Session: savesession@noasobi.net - %profile%\extensions\savesession@noasobi.net
    FF - Ext: Open Image In New Tab: imagetab@next.gen.nz - %profile%\extensions\imagetab@next.gen.nz
    FF - Ext: Tab Saver!: {7A074BE0-2326-436d-B473-029FAEBEB5C6} - %profile%\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
    FF - Ext: Coral IE Tab: ietab@ip.cn - %profile%\extensions\ietab@ip.cn
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-05-16 22:45
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2000478354-73586283-682003330-1003\Software\SecuROM\License information*]
    "datasecu"=hex:c5,a6,86,b9,3b,ba,9b,98,cd,3c,bf,b3,23,c1,13,e0,f1,d3,f9,f9,af,
    5b,18,03,e1,fa,10,60,e9,e6,f3,05,31,fa,78,cd,3f,59,5f,23,b5,55,87,55,f0,28,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(572)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    .
    Completion time: 2011-05-16 22:48:40
    ComboFix-quarantined-files.txt 2011-05-17 03:48
    .
    Pre-Run: 53,546,393,600 bytes free
    Post-Run: 53,672,271,872 bytes free
    .
    - - End Of File - - 9CB47923FF329A9C63CBDA9F668F0055
     
    Last edited: 2011/05/16
    KRB,
    #6
  8. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Combofix log looks good :)

    How is computer doing?

    Feel free to reinstall AVG now.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. 2011/05/16
    KRB

    KRB Inactive Thread Starter

    AVG's just installing, I'll run OTL when it's finished, but the internet's working well now, although ActiveHome Pro won't connect to its USB device atm, but I think that's a different problem I think I'll have to deal with later on their site.
     
    Last edited: 2011/05/16
    KRB,
    #8
  10. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Ok...
     
  11. 2011/05/16
    KRB

    KRB Inactive Thread Starter

    OTL

    OTL logfile created on: 16/05/2011 11:31:48 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bahuaud\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    958.00 Mb Total Physical Memory | 204.00 Mb Available Physical Memory | 21.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 116.45 Gb Total Space | 49.47 Gb Free Space | 42.49% Space Free | Partition Type: NTFS
    Drive D: | 116.44 Gb Total Space | 97.26 Gb Free Space | 83.53% Space Free | Partition Type: NTFS
    Drive J: | 15.53 Gb Total Space | 12.10 Gb Free Space | 77.87% Space Free | Partition Type: FAT32

    Computer Name: BIOCOMPUTER | User Name: Bahuaud | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/05/16 23:04:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bahuaud\Desktop\OTL.exe
    PRC - [2011/05/09 21:40:42 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
    PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/04/08 06:28:52 | 003,510,160 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
    PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2011/02/22 12:11:00 | 001,107,456 | ---- | M] (PrinterAnywhere) -- C:\Program Files\PrinterShare\paConsole.exe
    PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2010/11/01 23:44:30 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
    PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    PRC - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/05/16 23:04:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bahuaud\Desktop\OTL.exe
    MOD - [2011/04/08 06:28:58 | 000,974,736 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\xfire_toucan_44183.dll
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/04/13 19:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/04/22 13:56:50 | 000,984,392 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2010/11/01 23:44:30 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
    SRV - [2010/07/12 23:45:28 | 000,880,640 | ---- | M] () [Auto | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
    SRV - [2010/05/06 18:28:00 | 003,596,528 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2007/02/12 17:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Oz128 Driver\o2flash.exe -- (o2flash)
    SRV - [2005/03/14 13:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2006/07/24 17:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/03/03 16:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
    DRV - [2006/03/03 16:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
    DRV - [2005/12/06 12:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2005/12/06 12:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
    DRV - [2005/11/28 12:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
    DRV - [2005/05/19 16:52:58 | 000,017,792 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-21-2000478354-73586283-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\S-1-5-21-2000478354-73586283-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2000478354-73586283-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "XfireXO Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2304157&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.2
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
    FF - prefs.js..extensions.enabledItems: ietab@ip.cn:1.63.20091024
    FF - prefs.js..extensions.enabledItems: downintab@max.max:0.0.9
    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.19
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {66E978CD-981F-47DF-AC42-E3CF417C1467}:0.4.1
    FF - prefs.js..extensions.enabledItems: imagetab@next.gen.nz:1.1
    FF - prefs.js..extensions.enabledItems: savesession@noasobi.net:1.3.1.6
    FF - prefs.js..extensions.enabledItems: {7A074BE0-2326-436d-B473-029FAEBEB5C6}:1.1.3
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2724386&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/05/16 23:23:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/05/16 23:27:05 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/04/29 04:13:54 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/16 23:26:04 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 08:59:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 08:59:17 | 000,000,000 | ---D | M]

    [2010/04/22 13:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Extensions
    [2010/04/22 13:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/05/14 00:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\extensions
    [2010/01/04 01:41:03 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2010/01/03 00:45:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/01/04 01:49:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}-trash
    [2010/01/04 01:41:03 | 000,000,000 | ---D | M] (New Tab Homepage) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    [2010/01/04 01:41:01 | 000,000,000 | ---D | M] (Tab Saver!) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\extensions\{7A074BE0-2326-436d-B473-029FAEBEB5C6}
    [2010/01/03 15:33:23 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/01/03 15:33:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2011/05/09 21:41:47 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Toolbar) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}
    [2010/01/04 01:41:02 | 000,000,000 | ---D | M] (Downloads in Tab) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\extensions\downintab@max.max
    [2010/01/04 01:41:01 | 000,000,000 | ---D | M] (Coral IE Tab) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\extensions\ietab@ip.cn
    [2010/01/04 01:41:02 | 000,000,000 | ---D | M] (Open Image In New Tab) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\extensions\imagetab@next.gen.nz
    [2010/01/04 01:41:02 | 000,000,000 | ---D | M] (Save Session) -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\extensions\savesession@noasobi.net
    [2011/05/09 21:38:53 | 000,002,183 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Application Data\Mozilla\Firefox\Profiles\gmxg6yvr.default\searchplugins\MyStart Search.xml
    [2011/05/14 00:31:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/31 23:48:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/04/29 04:13:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C}
    [2011/05/16 23:23:07 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
    [2011/05/16 23:26:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    [2011/05/16 23:27:05 | 000,000,000 | ---D | M] ("urn:mozilla:install-manifest" em:id="avg@igeared" em:name="AVG Security Toolbar" em:version="7.004.022.004" em:displayname="AVG Security Toolbar" em:iconURL="chrome://tavgp/skin/logo.ico" em:creator="AVG Technologies" em:description="AVG Security Toolbar" em:homepageURL="http://www.avg.com">) -- C:\PROGRAM FILES\AVG\AVG10\TOOLBAR\FIREFOX\AVG@IGEARED
    [2009/12/31 19:20:40 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/05/16 22:45:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O3 - HKU\S-1-5-21-2000478354-73586283-682003330-1003\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKU\S-1-5-21-2000478354-73586283-682003330-1003..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
    O4 - HKU\S-1-5-21-2000478354-73586283-682003330-1003..\Run: [PrinterShare] C:\Program Files\PrinterShare\paConsole.exe (PrinterAnywhere)
    O4 - HKU\S-1-5-21-2000478354-73586283-682003330-1003..\Run: [SmileboxTray] C:\Documents and Settings\Bahuaud\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
    O4 - Startup: C:\Documents and Settings\Bahuaud\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O4 - Startup: C:\Documents and Settings\Bahuaud\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2000478354-73586283-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2000478354-73586283-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-2000478354-73586283-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-2000478354-73586283-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {0449A3DB-050C-4895-9236-D9B11778459B} http://content.dll1.com/Connectus/SmartCouponPrinter/vigorate/SmartCouponPrinterVig.cab (SmartCouponPrinter Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262282538093 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} http://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab (DDRevision Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Bahuaud\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Bahuaud\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/12/31 01:38:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O35 - HKU\S-1-5-21-2000478354-73586283-682003330-1003..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-2000478354-73586283-682003330-1003\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902053519425536)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/16 23:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bahuaud\Application Data\AVG10
    [2011/05/16 23:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/05/16 23:26:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
    [2011/05/16 23:25:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/05/16 23:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/05/16 23:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
    [2011/05/16 23:03:53 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Bahuaud\Desktop\OTL.exe
    [2011/05/16 23:00:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/05/16 22:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/05/16 22:34:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/16 22:34:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/16 22:34:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/16 22:34:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/16 22:33:26 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/16 00:14:45 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bahuaud\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/01 00:09:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Bahuaud\Recent
    [2011/04/19 02:20:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2011/04/19 00:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bahuaud\My Documents\FrostWire
    [2011/04/19 00:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bahuaud\Application Data\FrostWire
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/16 23:31:02 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/05/16 23:26:44 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/05/16 23:25:08 | 114,586,442 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/05/16 23:04:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bahuaud\Desktop\OTL.exe
    [2011/05/16 22:45:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/16 22:31:53 | 000,000,745 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
    [2011/05/16 22:30:37 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/05/16 22:30:31 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/05/16 22:30:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/16 22:22:10 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Local Settings\Application Data\prvlcl.dat
    [2011/05/16 22:16:13 | 004,349,551 | R--- | M] () -- C:\Documents and Settings\Bahuaud\Desktop\ComboFix.exe
    [2011/05/16 20:42:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/05/16 20:01:32 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{92D47641-43EB-461A-B2A8-17FB1147D5B3}.job
    [2011/05/16 00:50:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/16 00:11:28 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Desktop\dds.scr
    [2011/05/16 00:10:36 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Desktop\MBRCheck.exe
    [2011/05/16 00:09:52 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bahuaud\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/16 00:09:24 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Desktop\i6jp8l75.exe
    [2011/05/13 19:45:38 | 000,009,027 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Application Data\BA2E.216
    [2011/05/12 03:10:44 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2011/05/09 21:41:12 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Application Data\Microsoft\Internet Explorer\Quick Launch\IncrediMail 2.0.lnk
    [2011/05/09 21:41:11 | 000,001,750 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IncrediMail.lnk
    [2011/04/30 23:33:23 | 000,001,450 | -HS- | M] () -- C:\Documents and Settings\Bahuaud\Local Settings\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
    [2011/04/30 23:33:23 | 000,001,450 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
    [2011/04/28 00:53:44 | 000,068,417 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Desktop\216571_10150233066109363_637494362_8682191_6906763_n.jpg
    [2011/04/28 00:53:32 | 000,050,182 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Desktop\226544_10150233065754363_637494362_8682180_2453248_n.jpg
    [2011/04/19 02:47:10 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/17 03:32:34 | 000,118,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/04/17 03:13:25 | 000,442,466 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/04/17 03:13:25 | 000,071,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/16 23:26:44 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/05/16 22:34:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/16 22:34:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/16 22:34:14 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/16 22:34:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/16 22:34:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/16 22:16:13 | 004,349,551 | R--- | C] () -- C:\Documents and Settings\Bahuaud\Desktop\ComboFix.exe
    [2011/05/16 21:46:12 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Bahuaud\Desktop\dds.scr
    [2011/05/16 21:44:52 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Bahuaud\Desktop\MBRCheck.exe
    [2011/05/16 01:03:19 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Bahuaud\Desktop\i6jp8l75.exe
    [2011/05/13 17:10:27 | 000,009,027 | ---- | C] () -- C:\Documents and Settings\Bahuaud\Application Data\BA2E.216
    [2011/05/12 03:10:44 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Bahuaud\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2011/04/30 23:33:12 | 000,001,450 | -HS- | C] () -- C:\Documents and Settings\Bahuaud\Local Settings\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
    [2011/04/30 23:33:12 | 000,001,450 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
    [2011/04/28 00:53:44 | 000,068,417 | ---- | C] () -- C:\Documents and Settings\Bahuaud\Desktop\216571_10150233066109363_637494362_8682191_6906763_n.jpg
    [2011/04/28 00:53:32 | 000,050,182 | ---- | C] () -- C:\Documents and Settings\Bahuaud\Desktop\226544_10150233065754363_637494362_8682180_2453248_n.jpg
    [2011/04/08 06:28:58 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
    [2011/03/04 23:42:56 | 000,149,504 | ---- | C] () -- C:\WINDOWS\unwise32_setup.exe
    [2011/02/23 00:41:48 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
    [2011/01/24 02:04:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Bahuaud\Local Settings\Application Data\prvlcl.dat
    [2010/08/02 00:28:30 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/07/31 01:37:51 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
    [2010/01/20 23:04:57 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/14 05:08:04 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Bahuaud\Local Settings\Application Data\fusioncache.dat
    [2010/01/03 03:23:28 | 000,110,063 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
    [2010/01/03 03:23:28 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
    [2010/01/03 00:59:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2010/01/03 00:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/01/02 22:01:33 | 000,061,440 | ---- | C] () -- C:\Documents and Settings\Bahuaud\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/12/31 02:31:25 | 000,000,537 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2009/12/31 02:17:53 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2009/12/31 02:04:20 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2009/12/31 02:04:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2009/12/31 01:40:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2009/12/31 01:33:53 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2009/12/30 18:05:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/12/30 18:04:53 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2006/05/09 16:50:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/05/09 16:50:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2006/05/09 16:50:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/05/09 16:50:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2006/05/09 16:50:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/05/09 16:50:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/05/09 16:50:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/05/09 16:50:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2006/05/09 16:50:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2006/05/09 16:50:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/05/09 16:50:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/08/10 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/10 07:00:00 | 000,442,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/10 07:00:00 | 000,071,732 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/10 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2011/03/07 20:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Active Home Professional
    [2011/05/16 23:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2011/05/16 23:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/10/28 23:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/10/29 00:59:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/01/02 22:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2010/01/02 22:33:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2011/05/16 00:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2010/01/28 17:47:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [2011/05/16 23:29:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/01/09 13:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Photo Notifier and Animation Creator
    [2010/05/07 02:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
    [2011/03/31 01:55:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrinterShare
    [2011/05/16 12:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X10 Settings
    [2010/07/27 04:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/01/03 14:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/07/23 03:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\6C9FE140494AFBD8666C1E543F54F786
    [2011/05/16 23:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\AVG10
    [2010/01/03 13:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\AVG9
    [2011/05/15 23:44:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\Azureus
    [2010/01/16 00:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\BarGenie
    [2010/03/03 22:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\Facebook
    [2011/04/19 02:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\FrostWire
    [2011/01/22 04:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\Notepad++
    [2009/12/31 19:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\OpenOffice.org
    [2011/02/11 19:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\Screenshot Sender
    [2010/10/30 20:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\Smilebox
    [2010/08/06 15:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\SPORE
    [2010/01/16 03:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\TapiRex
    [2009/12/31 02:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bahuaud\Application Data\WinBatch
    [2011/03/07 22:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
    [2011/05/16 20:01:32 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{92D47641-43EB-461A-B2A8-17FB1147D5B3}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/02/14 23:33:25 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2009/12/31 01:38:43 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2009/12/31 01:21:59 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2010/07/29 14:24:38 | 000,000,279 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2011/05/16 22:48:41 | 000,013,631 | ---- | M] () -- C:\ComboFix.txt
    [2009/12/31 01:38:43 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/12/31 01:38:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/12/31 01:38:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/12/31 13:45:04 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/05/16 22:30:14 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/12/31 01:38:16 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2005/10/14 23:41:46 | 000,072,192 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll
    [2010/12/08 14:11:54 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/04/17 01:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/12/30 18:03:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/12/30 18:03:52 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/12/30 18:03:52 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/12/31 13:48:08 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/12/31 14:45:42 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Bahuaud\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2009/12/31 01:49:13 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/05/16 22:16:13 | 004,349,551 | R--- | M] () -- C:\Documents and Settings\Bahuaud\Desktop\ComboFix.exe
    [2008/02/12 03:04:09 | 002,977,280 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Desktop\falling sand.exe
    [2011/05/16 00:09:24 | 000,302,080 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Desktop\i6jp8l75.exe
    [2002/01/25 09:10:48 | 002,322,145 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Desktop\knights quest.exe
    [2011/05/16 00:09:52 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Bahuaud\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/05/16 00:10:36 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Desktop\MBRCheck.exe
    [2011/05/16 23:04:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Bahuaud\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 07:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/12/31 14:01:13 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Bahuaud\Favorites\Desktop.ini
    [2006/08/11 09:53:42 | 000,001,834 | ---- | M] () -- C:\Documents and Settings\Bahuaud\Favorites\eBay.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/12/27 03:54:50 | 000,000,418 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/05/12 04:15:49 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Bahuaud\Cookies\desktop.ini
    [2011/05/16 23:29:16 | 000,065,536 | -HS- | M] () -- C:\Documents and Settings\Bahuaud\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 13:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 13:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 13:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
    =================================
     
    KRB,
    #10
  12. 2011/05/16
    KRB

    KRB Inactive Thread Starter

    OTL Extras logfile created on: 16/05/2011 11:31:48 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Bahuaud\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    958.00 Mb Total Physical Memory | 204.00 Mb Available Physical Memory | 21.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 116.45 Gb Total Space | 49.47 Gb Free Space | 42.49% Space Free | Partition Type: NTFS
    Drive D: | 116.44 Gb Total Space | 97.26 Gb Free Space | 83.53% Space Free | Partition Type: NTFS
    Drive J: | 15.53 Gb Total Space | 12.10 Gb Free Space | 77.87% Space Free | Partition Type: FAT32

    Computer Name: BIOCOMPUTER | User Name: Bahuaud | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*

    [HKEY_USERS\S-1-5-21-2000478354-73586283-682003330-1003\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title " " -tags " " ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 1
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "8777:TCP" = 8777:TCP:*:Enabled:ActivePhone

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "3776:UDP" = 3776:UDP:*:Enabled:Media Center Extender Service
    "3390:TCP" = 3390:TCP:*:Enabled:Remote Media Center Experience
    "3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
    "8777:TCP" = 8777:TCP:*:Enabled:ActivePhone

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\X10\Common\X10nets.exe" = C:\Program Files\Common Files\X10\Common\X10nets.exe:*:Enabled:X10 Net Service -- (X10)
    "C:\Program Files\ActiveHome Pro\ActiveHm.exe" = C:\Program Files\ActiveHome Pro\ActiveHm.exe:*:Enabled:ActiveHome Pro -- (X10 Wireless Technology, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\Hp\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Xfire\Xfire.exe" = C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\Program Files\PrinterShare\paConsole.exe" = C:\Program Files\PrinterShare\paConsole.exe:*:Enabled:printerAnywhere Console -- (PrinterAnywhere)
    "C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Launcher.exe -- (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\PrinterShare\paProgress.exe" = C:\Program Files\PrinterShare\paProgress.exe:*:Enabled:paProgress -- ()
    "C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
    "C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
    "C:\Program Files\World of Warcraft\Blizzard Downloader.exe" = C:\Program Files\World of Warcraft\Blizzard Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\SmartFTP Client\SmartFTP.exe" = C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 4.0 -- (SmartSoft Ltd.)
    "C:\Program Files\Common Files\X10\Common\X10nets.exe" = C:\Program Files\Common Files\X10\Common\X10nets.exe:*:Enabled:X10 Net Service -- (X10)
    "C:\Program Files\ActiveHome Pro\ActiveHm.exe" = C:\Program Files\ActiveHome Pro\ActiveHm.exe:*:Enabled:ActiveHome Pro -- (X10 Wireless Technology, Inc.)
    "C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
    "C:\Program Files\World of Warcraft\Temp\wow-4.1.0.2317-enUS-tools-downloader.exe" = C:\Program Files\World of Warcraft\Temp\wow-4.1.0.2317-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
    "{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
    "{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
    "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
    "{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{230E8DDC-FB78-4F9F-8461-22ED20DBC3BA}" = AVG 2011
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
    "{23FE964A-853B-4176-86D7-9E18B5CA1FC0}" = Media Center Extender
    "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
    "{25D7AAE3-280A-4F3B-B72E-E1AEFCFFBFE5}_is1" = TapiRex Reverse Lookup Plugin for WhitePages.ca® 1.7.2
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
    "{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
    "{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
    "{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4CCC7F68-A437-4559-A840-F5E010934951}" = HP Driver Diagnostics
    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{78764173-3805-4916-B3CE-B433702B8870}" = O2Micro Flash Memory Card Reader Driver Installer(x86)
    "{788A0222-5690-4212-AA9C-C48FD0E1C9AE}" = Photo Notifier and Animation Creator
    "{79F41FC6-07F9-47C2-BBAC-37C7C70EE703}" = MCEBrowser
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BB4B566-590C-4A07-9302-61E374BD48C1}" = BarGenie
    "{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5B591D0-4923-4277-980C-ED8DC5B43D8C}" = SmartFTP Client
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
    "{BABA6734-23CF-42AC-9E4C-EA2C7C80AA4E}" = AVG 2011
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
    "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE7FC1FF-8528-47F6-A67C-7017C14DBF3D}" = Control Media
    "{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
    "{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
    "{DCCF734A-42DA-4951-8C8E-92CD33D2FA2E}" = PrinterShare 2.3.05
    "{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
    "{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
    "{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
    "{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}" = HP Software Update
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "8461-7759-5462-8226" = Vuze
    "ActiveHomePro" = ActiveHome Pro
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AVG" = AVG 2011
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Data Fax SoftModem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "EHome Devices" = Media Center Extender
    "ffdshow_is1" = ffdshow v1.1.3507 [2010-07-07]
    "HP Imaging Device Functions" = HP Imaging Device Functions 6.1
    "HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
    "ie8" = Windows Internet Explorer 8
    "IncrediMail" = IncrediMail 2.0
    "IrfanView" = IrfanView (remove only)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Messenger Plus!" = Messenger Plus! 5
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Notepad++" = Notepad++
    "NVIDIA Drivers" = NVIDIA Drivers
    "Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
    "PhotoMail" = PhotoMail Maker
    "SmartFTP Client 4.0 Setup Files" = SmartFTP Client 4.0 Setup Files (remove only)
    "TVersity Media Server" = TVersity Media Server 1.9
    "Tweak UI 2.10" = Tweak UI
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.6.4
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "World of Warcraft" = World of Warcraft
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "X10Hardware" = X10 Hardware(TM)
    "Xfire" = Xfire (remove only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2000478354-73586283-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In
    "Smilebox" = Smilebox

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 16/05/2011 11:32:03 PM | Computer Name = BIOCOMPUTER | Source = Bonjour Service | ID = 100
    Description = ResolveSimultaneousProbe: Pkt Record: E3DADCF2 25 basement\032computer._printershare._tcp.local.
    SRV 0 0 13924 biocomputer.local.

    Error - 16/05/2011 11:32:03 PM | Computer Name = BIOCOMPUTER | Source = Bonjour Service | ID = 100
    Description = ResolveSimultaneousProbe: Our Record 2 won: E3DADCF2 25 basement\032computer._printershare._tcp.local.
    SRV 0 0 25654 biocomputer.local.

    Error - 16/05/2011 11:32:03 PM | Computer Name = BIOCOMPUTER | Source = Bonjour Service | ID = 100
    Description = ResolveSimultaneousProbe: Pkt Record: E3DADCF2 25 basement\032computer._printershare._tcp.local.
    SRV 0 0 25654 biocomputer.local.

    Error - 16/05/2011 11:32:03 PM | Computer Name = BIOCOMPUTER | Source = Bonjour Service | ID = 100
    Description = ResolveSimultaneousProbe: Our Record 3 lost: E3DADCF2 25 basement\032computer._printershare._tcp.local.
    SRV 0 0 13924 biocomputer.local.

    Error - 16/05/2011 11:32:04 PM | Computer Name = BIOCOMPUTER | Source = Bonjour Service | ID = 100
    Description = ResolveSimultaneousProbe: Pkt Record: E3DADCF2 25 basement\032computer._printershare._tcp.local.
    SRV 0 0 25654 biocomputer.local.

    Error - 16/05/2011 11:32:04 PM | Computer Name = BIOCOMPUTER | Source = Bonjour Service | ID = 100
    Description = ResolveSimultaneousProbe: Our Record 3 lost: E3DADCF2 25 basement\032computer._printershare._tcp.local.
    SRV 0 0 13924 biocomputer.local.

    Error - 16/05/2011 11:32:04 PM | Computer Name = BIOCOMPUTER | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Ignoring response received before we even
    began probing: 25 basement\032computer._printershare._tcp.local. SRV 0 0 13924
    biocomputer.local.

    Error - 16/05/2011 11:32:05 PM | Computer Name = BIOCOMPUTER | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Received from 192.168.0.101:1027 25 basement\032computer._printershare._tcp.local.
    SRV 0 0 25654 biocomputer.local.

    Error - 16/05/2011 11:32:05 PM | Computer Name = BIOCOMPUTER | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: ProbeCount 2; will rename 25 basement\032computer._printershare._tcp.local.
    SRV 0 0 13924 biocomputer.local.

    Error - 16/05/2011 11:41:37 PM | Computer Name = BIOCOMPUTER | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: A connection with the server could not be established

    [ System Events ]
    Error - 16/05/2011 3:12:14 AM | Computer Name = BIOCOMPUTER | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
    period.

    Error - 16/05/2011 3:14:45 AM | Computer Name = BIOCOMPUTER | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
    period.

    Error - 16/05/2011 3:14:46 AM | Computer Name = BIOCOMPUTER | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
    period.

    Error - 16/05/2011 3:20:53 AM | Computer Name = BIOCOMPUTER | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
    period.

    Error - 16/05/2011 10:52:35 PM | Computer Name = BIOCOMPUTER | Source = MRxSmb | ID = 8003
    Description = The master browser has received a server announcement from the computer
    BUDDY-PC that believes that it is the master browser for the domain on transport
    NetBT_Tcpip_{0230E15C-E59B-497F-. The master browser is stopping or an election
    is being forced.

    Error - 16/05/2011 11:32:33 PM | Computer Name = BIOCOMPUTER | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 16/05/2011 11:36:56 PM | Computer Name = BIOCOMPUTER | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 16/05/2011 11:37:38 PM | Computer Name = BIOCOMPUTER | Source = Service Control Manager | ID = 7034
    Description = The TVersityMediaServer service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 16/05/2011 11:37:42 PM | Computer Name = BIOCOMPUTER | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 16/05/2011 11:41:29 PM | Computer Name = BIOCOMPUTER | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.


    < End of report >
     
    KRB,
    #11
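Reading OTL's "Last 10 Event Log Errors" section by hand gets tedious across several logs. The following is an added Python example (not part of the thread and not OTL's own code) that parses that section into records, counts errors per source, and picks out the two kinds of entry a defender reads first: the crypt32 131080 root-list download failure, which shows the machine could not reach windowsupdate.com over HTTP at that moment, and the Service Control Manager 7031/7034 unexpected-termination events. The sample input is a shortened excerpt constructed in the format of the log above; the function names and regular expressions are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample input in the format of OTL's "Last 10 Event Log Errors" section
# (a shortened excerpt in the style of the log above, not the full log from the thread).
SAMPLE_LOG = r"""
[ Application Events ]
Error - 16/05/2011 11:32:03 PM | Computer Name = BIOCOMPUTER | Source = Bonjour Service | ID = 100
Description = ResolveSimultaneousProbe: Pkt Record: E3DADCF2 25 basement\032computer._printershare._tcp.local.
SRV 0 0 13924 biocomputer.local.

Error - 16/05/2011 11:41:37 PM | Computer Name = BIOCOMPUTER | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 16/05/2011 11:32:33 PM | Computer Name = BIOCOMPUTER | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 16/05/2011 11:36:56 PM | Computer Name = BIOCOMPUTER | Source = Service Control Manager | ID = 7031
Description = The Windows Media Player Network Sharing Service service terminated
unexpectedly. It has done this 1 time(s). The following corrective action will
be taken in 30000 milliseconds: Restart the service.
"""

# One entry starts with an "Error - ..." header; its description runs to the next blank line.
HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
SECTION_RE = re.compile(r"^\[ (?P<section>.+?) \]$")


def parse_otl_errors(text):
    """Return a list of dicts, one per event log error, with the wrapped description re-joined."""
    entries = []
    section = None
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = HEADER_RE.match(line)
        if m:
            current = {
                "section": section,
                "when": m.group("when"),
                "host": m.group("host"),
                "source": m.group("source"),
                "id": int(m.group("id")),
                "description": "",
            }
            entries.append(current)
            continue
        if current is None:
            continue
        if line == "":
            current = None  # a blank line closes the entry
            continue
        if line.startswith("Description = "):
            line = line[len("Description = "):]
        current["description"] = (current["description"] + " " + line).strip()
    return entries


def count_by_source(entries):
    """How many of the last errors each source produced; repeated crashes stand out here."""
    return Counter(e["source"] for e in entries)


def update_path_failures(entries):
    """crypt32 event 131080: Windows could not fetch the trusted root list over HTTP.
    On a machine whose outbound HTTP is blocked or redirected (a bad proxy setting
    will do this) this is the side effect to expect; it clears once the machine can
    reach windowsupdate.com again, so it doubles as a cheap post-cleanup check."""
    return [e for e in entries if e["source"] == "crypt32" and e["id"] == 131080]


def service_crashes(entries):
    """Service Control Manager 7031/7034: a service died unexpectedly. Worth correlating
    with the time of the cleanup run, since killed or removed components show up here."""
    return [e for e in entries
            if e["source"] == "Service Control Manager" and e["id"] in (7031, 7034)]


if __name__ == "__main__":
    parsed = parse_otl_errors(SAMPLE_LOG)
    for src, n in count_by_source(parsed).most_common():
        print(f"{n:3d}  {src}")
    for e in update_path_failures(parsed):
        print("update path blocked:", e["when"], e["description"][:60])
    for e in service_crashes(parsed):
        print("service crash:", e["when"], e["description"][:60])
```

To use it on a real OTL log, paste the text between "========== Last 10 Event Log Errors ==========" and "< End of report >" in place of the sample; the parser keys only on the "Error - ..." header shape and the blank line that ends each entry.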
  13. 2011/05/16
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2011/04/30 23:33:23 | 000,001,450 | -HS- | M] () -- C:\Documents and Settings\Bahuaud\Local Settings\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
      [2011/04/30 23:33:23 | 000,001,450 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  14. 2011/05/17
    KRB

    KRB Inactive Thread Starter

    Joined:
    2010/07/27
    Messages:
    98
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    C:\WINDOWS\System32\ConduitEngine.tmp deleted successfully.
    C:\Documents and Settings\Bahuaud\Local Settings\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu moved successfully.
    C:\Documents and Settings\All Users\Application Data\vhf6a7ab7h335d07ur33rbd5x6cjdqx1gr8iu moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Antivir Nov 2009

    User: Bahuaud
    ->Temp folder emptied: 10435655 bytes
    ->Temporary Internet Files folder emptied: 15990518 bytes
    ->Java cache emptied: 603942 bytes
    ->FireFox cache emptied: 50645334 bytes
    ->Flash cache emptied: 37080 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65536 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 0 bytes

    User: MCX1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 434 bytes

    User: MCX2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 294871 bytes
    ->Flash cache emptied: 434 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1007468 bytes

    Total Files Cleaned = 76.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Antivir Nov 2009

    User: Bahuaud
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: LogMeInRemoteUser
    ->Flash cache emptied: 0 bytes

    User: MCX1
    ->Flash cache emptied: 0 bytes

    User: MCX2
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 05172011_001258

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_aa0.dat not found!

    Registry entries deleted on Reboot...
     
    KRB,
    #13
  15. 2011/05/17
    KRB

    KRB Inactive Thread Starter

    Joined:
    2010/07/27
    Messages:
    98
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2011
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 25
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.4.1
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    ``````````End of Log````````````

    I know you said it detects false positives but....
    What is objlist.exe by Laurent??
    And I thought we fixed Java

    And I'm going to run TFC and the other scan now
     
    KRB,
    #14
  16. 2011/05/17
    KRB

    KRB Inactive Thread Starter

    Joined:
    2010/07/27
    Messages:
    98
    Likes Received:
    0
    Sorry, scan took 2 hours
    ==================

    C:\Documents and Settings\All Users\Documents\laptop stuff\kyles stuff\my forum\my website\multiforum\source\includes\data.php PHP/RainBow.A virus
    C:\Documents and Settings\All Users\Documents\laptop stuff\kyles stuff 2\my forum\my website\multiforum\source\includes\data.php PHP/RainBow.A virus
    C:\Documents and Settings\All Users\Documents\laptop stuff\kyles stuff 2\plus\MsgPlusLive-423.exe a variant of Win32/MessengerPlus application
    D:\Saved\Shared Docs\kyles stuff\my forum\my website\multiforum\source\includes\data.php PHP/RainBow.A virus
    D:\Saved\Shared Docs\kyles stuff\plus\MsgPlusLive-423.exe a variant of Win32/MessengerPlus application
    D:\Saved\Shared Docs\laptop stuff\kyles stuff\my forum\my website\multiforum\source\includes\data.php PHP/RainBow.A virus

    MessengerPlus is not a virus, and the other I can delete anytime but it's not a virus and just website code from an old website of mine, but I'll wait for you Broni
     
    KRB,
    #15
  17. 2011/05/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    That's fine. We'll leave those items alone.

    Don't worry about it.
    ...and your Java is fine...

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  18. 2011/05/17
    KRB

    KRB Inactive Thread Starter

    Joined:
    2010/07/27
    Messages:
    98
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Antivir Nov 2009

    User: Bahuaud
    ->Temp folder emptied: 892357 bytes
    ->Temporary Internet Files folder emptied: 15046121 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 434 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: MCX1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: MCX2
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16492 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Antivir Nov 2009

    User: Bahuaud
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: LogMeInRemoteUser
    ->Flash cache emptied: 0 bytes

    User: MCX1
    ->Flash cache emptied: 0 bytes

    User: MCX2
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.22.3 log created on 05172011_203739

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_c20.dat not found!

    Registry entries deleted on Reboot...
     
    KRB,
    #17
  19. 2011/05/17
    KRB

    KRB Inactive Thread Starter

    Joined:
    2010/07/27
    Messages:
    98
    Likes Received:
    0
    Already have this, it's helped a few times

    Computer's doing good now, and how it got infected was there's 4 other people using this computer and one of them clicked something they shouldn't.

    Now I've got to figure out what's up with Active Home Pro.

    Thank you Broni for all your help, this is the second time you've helped fix this computer.
     
    KRB,
    #18
  20. 2011/05/17
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome :)

    Good luck and stay safe :)

    P. S.
    Done with 50 lashes yet? :)
     
  21. 2011/05/17
    KRB

    KRB Inactive Thread Starter

    Joined:
    2010/07/27
    Messages:
    98
    Likes Received:
    0
    KRB,
    #20
