need major help

Post by jayhovah » October 24th, 2009, 5:04 pm

Been running all the free scans I can find and still having trouble. Basically, after a Google search, when I click on a link it takes me to a totally different site that has nothing to do with what I was looking up. I ran HijackThis and decided to post my log in hopes of finding what it is that makes my PC do this. Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:48 PM, on 10/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: Mozilla Firefox (2).lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7450 bytes
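The log above is the raw HijackThis format: one entry per line, each prefixed with a section code (R0/R1 for IE start and search pages, O2 for BHOs, O4 for Run keys and Startup folders, O20 for Winlogon Notify/AppInit DLLs, O23 for services, and so on). Helpers triage these by hand; the script below is an added example, not part of the thread and not a MalwareRemoval.com tool, that parses that format and flags the kinds of lines a helper looks at first: components registered with "(no file)", autostart entries that execute from user-writable directories, names on a small adware watchlist, and DLLs that load into winlogon.exe or explorer.exe. The sample log is constructed for the example (a few lines modelled on the log above plus a made-up HKCU Run entry under a user profile); the watchlist entries MyWebSearch and Zango are an assumption for illustration, and every flag is a reason to look, not a verdict.

```python
"""
Minimal HijackThis (v2.0.x) log triage.

Parses the 'Rn - ...' / 'On - ...' entry lines, groups them by section
and applies a handful of heuristics that mirror what a forum helper
checks first.  A flagged line is a candidate for review, nothing more.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample log for this example (modelled on the thread's log;
# the [cdloader] HKCU entry is made up to exercise the path heuristic).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:48 PM, on 10/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKCU\..\Run: [cdloader] C:\Documents and Settings\Kenny\Application Data\mjusbsp\cdloader2.exe
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis entry line starts with a section code and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+?)\s*$")

# Heuristic: autostart code living in user-writable locations deserves a look.
USER_WRITABLE_RE = re.compile(
    r"(?i)(\\documents and settings\\|\\application data\\|\\local settings\\|\\temp\\)"
)

# Assumed watchlist (not taken from the thread): toolbar/adware families
# that commonly appear in logs of this era.  Extend as needed.
WATCHLIST = ("mywebsearch", "zango")

# Sections whose entries are loaded into privileged or ubiquitous hosts.
REVIEW_SECTIONS = {
    "O20": "loads into winlogon.exe (Winlogon Notify / AppInit_DLLs); verify the DLL",
    "O21": "ShellServiceObjectDelayLoad: loads into explorer.exe; verify the DLL",
}


@dataclass
class Finding:
    section: str
    body: str
    reasons: List[str] = field(default_factory=list)


def parse_entries(log_text: str) -> List[Finding]:
    """Return every Rn/On entry line as a Finding (no reasons attached yet)."""
    entries: List[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Finding(m["section"], m["body"]))
    return entries


def section_counts(log_text: str) -> Dict[str, int]:
    """How many entries each section contributes; handy for a quick overview."""
    counts: Dict[str, int] = {}
    for e in parse_entries(log_text):
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def triage(log_text: str) -> List[Finding]:
    """Return only the entries that trip at least one heuristic, in log order."""
    flagged: List[Finding] = []
    for e in parse_entries(log_text):
        lowered = e.body.lower()
        if "(no file)" in lowered:
            e.reasons.append("registered component whose file is missing (orphan)")
        if e.section.startswith("O") and USER_WRITABLE_RE.search(e.body):
            e.reasons.append("executes from a user-writable directory")
        if any(name in lowered for name in WATCHLIST):
            e.reasons.append("matches the adware/toolbar watchlist")
        if e.section in REVIEW_SECTIONS:
            e.reasons.append(REVIEW_SECTIONS[e.section])
        if e.reasons:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    print("entries per section:", section_counts(SAMPLE_LOG))
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.body}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the script leaves the avast, Adobe and NVIDIA lines alone and reports four candidates: the orphaned BHO, the MyWebSearch rundll32 entry, the HKCU Run entry under a user profile, and the Winlogon Notify DLL (which is AVG's and legitimate, which is exactly why the O20 flag reads "verify" rather than "remove"). Real triage still needs the file's publisher, hash and on-disk timestamp, which HijackThis does not record; RSIT's registry dump supplies part of that.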

Re: need major help

Post by MWR 3 day Mod » October 27th, 2009, 6:28 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

Re: need major help

Post by peku006 » October 28th, 2009, 3:32 am

Hello and welcome to Malware Removal.

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:

  • If you don't know or understand something please don't hesitate to ask
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

1 - download and run RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (will be maximized) and info.txt (will be minimized).

2 - Status Check
Please reply with:

  • the logs from RSIT (log.txt, info.txt)

Thanks peku006

Re: need major help

Post by jayhovah » October 28th, 2009, 11:15 am

log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by temp at 2009-10-28 11:12:07
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 165 GB (69%) free of 238 GB
Total RAM: 1983 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:12:15 AM, on 10/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\temp\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\temp.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3045 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1201706787.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1201707429.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-09-15 81000]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-30 7634944]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-10-01 198160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"AIM"=C:\Program Files\AIM\aim.exe [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2wSysTray]
C:\Program Files\2Wire\2PortalMon.exe [2004-05-25 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-06-01 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
C:\Documents and Settings\Kenny\Application Data\mjusbsp\cdloader2.exe [2007-12-21 50520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSS]
SOFTWARE\Broderbund Software\DSS\AppList\FDE3844AE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ESPN BottomLine]
C:\Program Files\ESPN\BottomLine\bline.exe [2002-05-22 155759]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-03-23 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe /m=0 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Plugin]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2006-10-30 7634944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2006-10-30 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRISMSVR.EXE]
C:\WINDOWS\system32\PRISMSVR.EXE /APPLY []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
C:\Program Files\Microsoft IntelliType Pro\type32.exe [2005-03-15 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoOE]
C:\Program Files\Zango\bin\10.3.75.0\OEAddOn.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZangoSA]
C:\Program Files\Zango\bin\10.3.75.0\ZangoSA.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpohmr08.exe [2003-04-09 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-09 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ralink Wireless Utility.lnk]
C:\PROGRA~1\RALINK\Common\RaUI.exe [2006-05-16 614400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Kenny^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^temp^Start Menu^Programs^Startup^ESPN BottomLine.lnk]
C:\PROGRA~1\ESPN\BOTTOM~1\bline.exe [2002-05-22 155759]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^temp^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
C:\DOCUME~1\temp\LimeWire\LimeWire.exe [2008-02-08 147456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^temp^Start Menu^Programs^Startup^Yahoo! Messenger (2).lnk]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 3 months======

2009-10-28 11:12:07 ----D---- C:\rsit
2009-10-28 02:37:31 ----D---- C:\Program Files\Ultimate Bid Whist
2009-10-25 22:29:22 ----D---- C:\WINDOWS\LastGood
2009-10-24 22:24:09 ----D---- C:\Program Files\iPod
2009-10-24 22:24:04 ----D---- C:\Program Files\iTunes
2009-10-24 22:24:04 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-24 22:21:34 ----D---- C:\Program Files\QuickTime
2009-10-24 22:19:06 ----SHD---- C:\Config.Msi
2009-10-24 15:48:17 ----D---- C:\Program Files\Trend Micro
2009-10-24 11:44:33 ----D---- C:\Documents and Settings\temp\Application Data\Malwarebytes
2009-10-24 11:44:27 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-24 11:44:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-24 11:08:16 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-10-19 23:45:16 ----A---- C:\WINDOWS\system32\unrar.dll
2009-10-19 23:45:16 ----A---- C:\WINDOWS\avisplitter.ini
2009-10-19 23:45:15 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-10-19 23:45:15 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-10-19 23:45:15 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-10-19 23:45:14 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-10-19 23:45:14 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-10-19 23:45:13 ----D---- C:\Program Files\K-Lite Codec Pack
2009-10-18 22:43:19 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-10-18 16:45:39 ----A---- C:\WINDOWS\system32\hal.dll
2009-10-18 16:45:38 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-10-18 16:45:37 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-10-13 23:35:53 ----A---- C:\WINDOWS\system32\SET404.tmp
2009-10-13 23:35:53 ----A---- C:\WINDOWS\system32\SET403.tmp
2009-10-13 23:35:53 ----A---- C:\WINDOWS\system32\SET3FF.tmp
2009-10-13 23:35:52 ----A---- C:\WINDOWS\system32\SET407.tmp
2009-10-13 23:35:51 ----A---- C:\WINDOWS\system32\SET402.tmp
2009-10-13 23:35:51 ----A---- C:\WINDOWS\system32\SET400.tmp
2009-10-13 23:35:49 ----A---- C:\WINDOWS\system32\SET409.tmp
2009-10-06 23:32:00 ----D---- C:\NetZeroInstaller
2009-10-03 21:34:10 ----D---- C:\Program Files\Phantasy Star Online Blue Burst
2009-10-01 20:52:11 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-10-01 20:52:02 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-10-01 20:52:02 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-10-01 20:51:59 ----D---- C:\Program Files\Common Files\xing shared
2009-10-01 20:51:33 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-10-01 20:51:30 ----D---- C:\Program Files\Real
2009-10-01 20:51:27 ----D---- C:\Program Files\Common Files\Real
2009-10-01 20:51:26 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-10-01 20:51:19 ----D---- C:\Documents and Settings\temp\Application Data\Real
2009-09-25 21:52:58 ----D---- C:\Documents and Settings\temp\Application Data\FrostWire
2009-09-25 21:50:50 ----D---- C:\Program Files\FrostWire
2009-09-11 06:18:39 ----A---- C:\WINDOWS\system32\SET3D9.tmp
2009-09-05 08:36:41 ----A---- C:\WINDOWS\system32\muweb.dll
2009-09-05 08:36:41 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-05 08:36:41 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-09-04 19:21:17 ----D---- C:\Program Files\Microsoft
2009-09-04 19:21:03 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-04 19:20:42 ----D---- C:\Program Files\Windows Live
2009-09-04 19:15:32 ----D---- C:\Program Files\Common Files\Windows Live
2009-09-04 17:04:38 ----D---- C:\Documents and Settings\temp\Application Data\skypePM
2009-09-04 17:00:57 ----D---- C:\Documents and Settings\temp\Application Data\Skype
2009-09-04 17:00:24 ----D---- C:\Program Files\Common Files\Skype
2009-09-04 17:00:22 ----RD---- C:\Program Files\Skype
2009-09-04 17:00:18 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-09-04 13:03:36 ----A---- C:\WINDOWS\system32\SET3ED.tmp
2009-08-19 20:35:17 ----A---- C:\WINDOWS\system32\javaws.exe
2009-08-19 20:35:17 ----A---- C:\WINDOWS\system32\javaw.exe
2009-08-19 20:35:17 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 3 months======

2009-10-28 11:12:10 ----D---- C:\WINDOWS\Prefetch
2009-10-28 11:03:54 ----D---- C:\Program Files\Mozilla Firefox
2009-10-28 10:52:01 ----D---- C:\WINDOWS\Temp
2009-10-28 02:37:36 ----D---- C:\WINDOWS
2009-10-28 02:37:31 ----D---- C:\Program Files
2009-10-28 02:37:25 ----D---- C:\WINDOWS\system32
2009-10-28 02:32:19 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-10-25 22:29:22 ----D---- C:\WINDOWS\system32\drivers
2009-10-25 22:29:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-25 22:29:18 ----HD---- C:\WINDOWS\inf
2009-10-24 22:27:16 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-10-24 22:25:37 ----SHD---- C:\WINDOWS\Installer
2009-10-24 22:24:58 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-24 22:24:07 ----D---- C:\Program Files\Common Files\Apple
2009-10-24 19:47:52 ----SD---- C:\Documents and Settings\temp\Application Data\Microsoft
2009-10-24 19:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-10-24 15:16:26 ----D---- C:\WINDOWS\system32\LogFiles
2009-10-24 15:16:26 ----D---- C:\WINDOWS\Debug
2009-10-24 13:04:02 ----D---- C:\Program Files\Angle Interactive
2009-10-24 04:02:20 ----D---- C:\WINDOWS\system32\CatRoot
2009-10-21 01:55:26 ----D---- C:\Documents and Settings\temp\Application Data\uTorrent
2009-10-21 01:04:32 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-19 23:45:41 ----D---- C:\Program Files\ffdshow
2009-10-19 21:52:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-18 21:55:00 ----D---- C:\WINDOWS\twain_32
2009-10-18 17:11:43 ----SHD---- C:\System Volume Information
2009-10-18 17:11:43 ----D---- C:\WINDOWS\system32\Restore
2009-10-18 17:04:12 ----D---- C:\Documents and Settings
2009-10-18 08:39:53 ----D---- C:\WINDOWS\system32\config
2009-10-17 01:03:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-17 01:03:36 ----D---- C:\Program Files\Internet Explorer
2009-10-17 01:03:23 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-17 01:03:20 ----D---- C:\WINDOWS\WinSxS
2009-10-16 08:29:45 ----HD---- C:\$AVG8.VAULT$
2009-10-13 20:03:24 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
2009-10-13 07:34:21 ----D---- C:\WINDOWS\Minidump
2009-10-11 19:52:46 ----D---- C:\WINDOWS\pss
2009-10-10 19:33:35 ----D---- C:\Documents and Settings\temp\Application Data\LimeWire
2009-10-06 23:37:34 ----D---- C:\WINDOWS\Help
2009-10-02 10:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-01 20:51:59 ----D---- C:\Program Files\Common Files
2009-10-01 20:51:33 ----A---- C:\WINDOWS\system32\msvcp71.dll
2009-09-11 21:32:03 ----D---- C:\Documents and Settings\temp\Application Data\Apple Computer
2009-09-08 07:12:06 ----D---- C:\Program Files\Safari
2009-09-07 23:10:18 ----D---- C:\Program Files\AIM
2009-09-04 19:21:07 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-04 19:21:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-04 19:20:47 ----RSD---- C:\WINDOWS\Fonts
2009-08-29 00:08:21 ----A---- C:\WINDOWS\system32\wininet.dll
2009-08-29 00:08:21 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-08-29 00:08:20 ----A---- C:\WINDOWS\system32\occache.dll
2009-08-29 00:08:20 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-08-29 00:08:18 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-08-29 00:08:18 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-08-29 00:08:18 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-08-29 00:08:18 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-08-29 00:08:17 ----A---- C:\WINDOWS\system32\iepeers.dll
2009-08-29 00:08:16 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-08-29 00:08:13 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-08-28 18:42:52 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-08-28 02:35:52 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-08-26 00:00:21 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-08-19 20:35:15 ----D---- C:\Program Files\Java
2009-08-15 01:03:27 ----D---- C:\Program Files\Outlook Express
2009-08-06 15:24:18 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-08-06 15:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2009-08-06 15:24:18 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-08-06 15:24:10 ----A---- C:\WINDOWS\system32\wups2.dll
2009-08-06 15:24:10 ----A---- C:\WINDOWS\system32\wups.dll
2009-08-06 15:24:06 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-08-06 15:24:06 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-08-06 15:24:04 ----A---- C:\WINDOWS\system32\cdm.dll
2009-08-06 15:24:00 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui
2009-08-06 15:23:54 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-08-06 15:23:46 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-08-05 01:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-31 05:42:26 ----A---- C:\WINDOWS\system32\avgrsstx.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-09-15 27408]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-09-15 52368]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-10-18 21275]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-09-15 23152]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-30 3964256]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-03-15 20352]
R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-05-04 380928]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 Bridge;MAC Bridge; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-08 14736]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
S3 phil2vid;Philips USB VGA Camera; C:\WINDOWS\system32\DRIVERS\philcam2.sys [2001-08-17 173696]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-09-15 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-09-15 138680]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-30 155715]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-09-15 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-09-15 352920]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]

-----------------EOF-----------------



info.txt

info.txt logfile of random's system information tool 1.06 2009-10-28 11:12:19

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2Wire Wireless Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}\Setup.exe" -l0x9 -L0x9
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Any Video Converter 2.7.2-->"C:\Program Files\Any Video Converter\unins000.exe"
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
ESPN BottomLine-->"C:\Program Files\ESPN\BottomLine\setup.exe" -u
Family Tree Maker 7.0-->C:\WINDOWS\IsUninst.exe -fC:\FTW\Uninst.isu
FINAL FANTASY XI: Chains of Promathia-->C:\Program Files\InstallShield Installation Information\{3C0619B4-4A2C-4244-8077-488E420DF907}\setup.exe -runfromtemp -l0x0409
FINAL FANTASY XI: Rise of the Zilart-->C:\Program Files\InstallShield Installation Information\{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}\setup.exe -runfromtemp -l0x0409
FINAL FANTASY XI: Treasures of Aht Urhgan-->C:\Program Files\InstallShield Installation Information\{A606C6FF-12E7-40BE-B777-D8F360FF00CD}\setup.exe -runfromtemp -l0x0409
FINAL FANTASY XI: Wings of the Goddess-->C:\Program Files\InstallShield Installation Information\{5B037ED7-0755-48D4-9554-808E5AF50F17}\setup.exe -runfromtemp -l0x0409
FINAL FANTASY XI-->C:\Program Files\InstallShield Installation Information\{678F6475-D227-432A-94FF-806178A34520}\setup.exe -runfromtemp -l0x0409
Free Mp3 Wma Converter V 1.8.0-->"C:\Program Files\Free Audio Pack\unins000.exe"
FrostWire 4.18.3-->C:\Program Files\FrostWire\Uninstall.exe
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
HP Photo and Imaging 2.0 - All-in-One Drivers-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
HP Photo and Imaging 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
HP Photo and Imaging 2.0 - hp psc 1200 series-->C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
hp psc 1200 series-->rundll32 hpzcon07.dll,VendorJettison hp psc 1200 series
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 5.2.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LimeWire 5.2.8-->"C:\Program Files\LimeWire\uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero 7 Essentials-->MsiExec.exe /I{F17F7703-1E72-40C1-A0DD-E5B365661033}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenOffice.org 3.1-->MsiExec.exe /I{E6B87DC4-2B3D-4483-ADFF-E483BF718991}
Phantasy Star Online Blue Burst 1.0-->"C:\Program Files\Phantasy Star Online Blue Burst\unins000.exe"
PlayOnline Viewer & Tetra Master-->C:\Program Files\InstallShield Installation Information\{47004155-7376-403E-89E9-4C9F44AAF0D0}\setup.exe -runfromtemp -l0x0409
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Ralink Wireless LAN Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{E9ED0801-253D-4FE9-AB20-F63DEFE72547}
Saunders NCLEX-RN4e-->C:\Program Files\Saunders NCLEX-RN4e\uninst.exe
SBC Yahoo! DSL Home Networking Installer-->C:\Program Files\2Wire\Uninstaller.exe
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Ultimate Bid Whist-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Ultimate Bid Whist\ST5UNST.LOG"
Update for Windows Internet Explorer 8 (KB972636)-->"C:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

=====HijackThis Backups=====

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-10-24]
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2009-10-24]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-10-24]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl [2009-10-24]
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-24]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-10-24]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ [2009-10-24]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-10-24]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-10-24]
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll [2009-10-24]
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-10-24]
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-24]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-10-24]
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-24]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-10-24]
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-10-24]
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-10-24]
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [2009-10-24]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [2009-10-24]
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-10-24]
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-10-24]
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll [2009-10-24]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-24]
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [2009-10-24]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [2009-10-24]
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2009-10-24]
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-10-24]
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe [2009-10-24]
O4 - Startup: Mozilla Firefox (2).lnk = C:\Program Files\Mozilla Firefox\firefox.exe [2009-10-24]
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl [2009-10-24]
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2009-10-24]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [2009-10-24]
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [2009-10-24]
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [2009-10-24]
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2009-10-24]
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe [2009-10-24]
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [2009-10-24]
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-10-24]
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install [2009-10-24]
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE [2009-10-24]
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2009-10-24]
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe [2009-10-24]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-10-24]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-10-24]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-10-24]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-10-24]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-10-24]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll [2009-10-24]
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll [2009-10-24]
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe [2009-10-24]
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-10-24]
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-10-24]
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe [2009-10-24]
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-10-24]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [2009-10-24]

======Security center information======

AV: AVG Anti-Virus
AV: avast! antivirus 4.8.1356 [VPS 091023-0]

======System event log======

Computer Name: FAMILY
Event Code: 20
Message: Printer Driver hp psc 1200 series for Windows NT x86 Version-3 was added or updated. Files:- hpz2ku07.dll, hpzntp07.dll, hpop1207.dat, hpocahpr.hlp, hpzcin06.exe, hpzscr07.dll, hpzcfg07.exe, hpzcoi07.dll, hpzcon07.dll, hpzeng07.exe, hpzflt07.dll, hpzimc07.dll, hpzime07.dll, hpzjui07.dll, hpzlnt07.dll, hpzpcl07.dll, hpzpre07.exe, hpzr3207.dll, hpzres07.dll, hpzrp307.dll, hpzslk07.dll, hpzsnt07.dll, hpzstc07.exe, hpzstw07.exe, hpztbi07.dll, hpztbu07.exe, hpztbx07.exe, hpzvip07.dll, hpocabpr.hlp, hpocampr.hlp, hpocaspr.hlp, hpop1007.dat, hpop1107.dat, hpop2207.dat, hpop2107.dat, hpop2007.dat, hpopd907.dat, hpop4007.dat, hpop4107.dat, hpop6107.dat.

Record Number: 15035
Source Name: Print
Time Written: 20091018233133.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILY
Event Code: 20
Message: Printer Driver hp psc 1200 series for Windows NT x86 Version-3 was added or updated. Files:- hpz2ku07.dll, hpzntp07.dll, hpop1207.dat, hpocahpr.hlp, hpzcin06.exe, hpzscr07.dll, hpzcfg07.exe, hpzcoi07.dll, hpzcon07.dll, hpzeng07.exe, hpzflt07.dll, hpzimc07.dll, hpzime07.dll, hpzjui07.dll, hpzlnt07.dll, hpzpcl07.dll, hpzpre07.exe, hpzr3207.dll, hpzres07.dll, hpzrp307.dll, hpzslk07.dll, hpzsnt07.dll, hpzstc07.exe, hpzstw07.exe, hpztbi07.dll, hpztbu07.exe, hpztbx07.exe, hpzvip07.dll, hpocabpr.hlp, hpocampr.hlp, hpocaspr.hlp, hpop1007.dat, hpop1107.dat, hpop2207.dat, hpop2107.dat, hpop2007.dat, hpopd907.dat, hpop4007.dat, hpop4107.dat, hpop6107.dat.

Record Number: 15034
Source Name: Print
Time Written: 20091018233131.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILY
Event Code: 20
Message: Printer Driver hp psc 1200 series for Windows NT x86 Version-3 was added or updated. Files:- hpz2ku07.dll, hpzntp07.dll, hpop1207.dat, hpocahpr.hlp, hpzcin06.exe, hpzscr07.dll, hpzcfg07.exe, hpzcoi07.dll, hpzcon07.dll, hpzeng07.exe, hpzflt07.dll, hpzimc07.dll, hpzime07.dll, hpzjui07.dll, hpzlnt07.dll, hpzpcl07.dll, hpzpre07.exe, hpzr3207.dll, hpzres07.dll, hpzrp307.dll, hpzslk07.dll, hpzsnt07.dll, hpzstc07.exe, hpzstw07.exe, hpztbi07.dll, hpztbu07.exe, hpztbx07.exe, hpzvip07.dll, hpocabpr.hlp, hpocampr.hlp, hpocaspr.hlp, hpop1007.dat, hpop1107.dat, hpop2207.dat, hpop2107.dat, hpop2007.dat, hpopd907.dat, hpop4007.dat, hpop4107.dat, hpop6107.dat.

Record Number: 15033
Source Name: Print
Time Written: 20091018233130.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILY
Event Code: 20
Message: Printer Driver hp psc 1200 series for Windows NT x86 Version-3 was added or updated. Files:- hpz2ku07.dll, hpzntp07.dll, hpop1207.dat, hpocahpr.hlp, hpzcin06.exe, hpzscr07.dll, hpzcfg07.exe, hpzcoi07.dll, hpzcon07.dll, hpzeng07.exe, hpzflt07.dll, hpzimc07.dll, hpzime07.dll, hpzjui07.dll, hpzlnt07.dll, hpzpcl07.dll, hpzpre07.exe, hpzr3207.dll, hpzres07.dll, hpzrp307.dll, hpzslk07.dll, hpzsnt07.dll, hpzstc07.exe, hpzstw07.exe, hpztbi07.dll, hpztbu07.exe, hpztbx07.exe, hpzvip07.dll, hpocabpr.hlp, hpocampr.hlp, hpocaspr.hlp, hpop1007.dat, hpop1107.dat, hpop2207.dat, hpop2107.dat, hpop2007.dat, hpopd907.dat, hpop4007.dat, hpop4107.dat, hpop6107.dat.

Record Number: 15032
Source Name: Print
Time Written: 20091018233128.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: FAMILY
Event Code: 20
Message: Printer Driver hp psc 1200 series for Windows NT x86 Version-3 was added or updated. Files:- hpz2ku07.dll, hpzntp07.dll, hpop1207.dat, hpocahpr.hlp, hpzcin06.exe, hpzscr07.dll, hpzcfg07.exe, hpzcoi07.dll, hpzcon07.dll, hpzeng07.exe, hpzflt07.dll, hpzimc07.dll, hpzime07.dll, hpzjui07.dll, hpzlnt07.dll, hpzpcl07.dll, hpzpre07.exe, hpzr3207.dll, hpzres07.dll, hpzrp307.dll, hpzslk07.dll, hpzsnt07.dll, hpzstc07.exe, hpzstw07.exe, hpztbi07.dll, hpztbu07.exe, hpztbx07.exe, hpzvip07.dll, hpocabpr.hlp, hpocampr.hlp, hpocaspr.hlp, hpop1007.dat, hpop1107.dat, hpop2207.dat, hpop2107.dat, hpop2007.dat, hpopd907.dat, hpop4007.dat, hpop4107.dat, hpop6107.dat.

Record Number: 15031
Source Name: Print
Time Written: 20091018233126.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: TEMP-8DE67DF030
Event Code: 1001
Message: Fault bucket 686327317.

Record Number: 224
Source Name: Application Hang
Time Written: 20080402181010.000000-480
Event Type: error
User:

Computer Name: TEMP-8DE67DF030
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20080.31114, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 223
Source Name: Application Hang
Time Written: 20080402181007.000000-480
Event Type: error
User:

Computer Name: TEMP-8DE67DF030
Event Code: 1517
Message: Windows saved user TEMP-8DE67DF030\temp registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 222
Source Name: Userenv
Time Written: 20080401213812.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: TEMP-8DE67DF030
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20080.20121, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 217
Source Name: Application Hang
Time Written: 20080319184400.000000-480
Event Type: error
User:

Computer Name: TEMP-8DE67DF030
Event Code: 1517
Message: Windows saved user TEMP-8DE67DF030\Kenny registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 216
Source Name: Userenv
Time Written: 20080319132609.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
jayhovah
Regular Member
 
Posts: 22
Joined: October 24th, 2009, 4:59 pm

Re: need major help

Unread postby peku006 » October 30th, 2009, 3:59 am

Hi jayhovah

Use of P2P (Person to Person) file sharing programs

I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

LimeWire

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them. Please remove it before we can continue any further. Post back when you have done it so we can continue the cleaning process.

NOTE: Even if you are using a safe P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Make an uninstall list using HijackThis

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a Notepad window will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: need major help

Unread postby jayhovah » October 30th, 2009, 1:11 pm

2Wire Wireless Client
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe® Photoshop® Album Starter Edition 3.2
Any Video Converter 2.7.2
AOL Instant Messenger
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
CCleaner (remove only)
ESPN BottomLine
Family Tree Maker 7.0
FINAL FANTASY XI
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
FINAL FANTASY XI: Wings of the Goddess
Free Mp3 Wma Converter V 1.8.0
Google Earth
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
hp psc 1200 series
iTunes
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
K-Lite Codec Pack 5.2.0 (Full)
Malwarebytes' Anti-Malware
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Mozilla Firefox (3.5.4)
MSN
MSVCRT
Nero 7 Essentials
NVIDIA Drivers
OpenOffice.org 3.1
Phantasy Star Online Blue Burst 1.0
PlayOnline Viewer & Tetra Master
PowerDVD
QuickTime
Ralink Wireless LAN Card
RealPlayer
Realtek High Definition Audio Driver
Safari
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Saunders NCLEX-RN4e
SBC Yahoo! DSL Home Networking Installer
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Segoe UI
Skype web features
Skype™ 4.1
Update for Windows Internet Explorer 8 (KB972636)
Ventrilo Client
Viewpoint Media Player
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
jayhovah
Regular Member
 
Posts: 22
Joined: October 24th, 2009, 4:59 pm
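The uninstall list above carries five separate Java(TM) 6 Update entries (3, 4, 5, 7 and 15) and a few products listed twice. Only the newest Java runtime is needed; older builds left in place keep their own browser plug-ins registered and widen the attack surface for exactly the kind of drive-by trouble this thread is about. The Python script below is an added example, not a tool used in this thread and not written by either participant: it groups an exported uninstall list by product and reports anything installed in more than one version, plus exact duplicates. The version-splitting patterns are heuristics written for this example, and the sample list is an abridged copy of the one posted above.

```python
"""Group an installed-programs (uninstall) list by product and report products
present in more than one version, plus exact duplicate entries.

Added example for this thread; not from the thread's participants or from
HijackThis. The version-splitting regexes are heuristics written for this
example and will not cover every vendor's naming scheme.
"""
import re
from collections import defaultdict

# Sample input: an abridged copy of the uninstall list posted in the thread.
SAMPLE_UNINSTALL_LIST = """\
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Java(TM) 6 Update 15
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Mozilla Firefox (3.5.4)
Windows Live Essentials
Windows Live Essentials
Windows XP Service Pack 3
"""

# First pattern that matches wins. "Java(TM) 6 Update 15" -> ("Java(TM) 6", "15");
# "Mozilla Firefox (3.5.4)" -> ("Mozilla Firefox", "3.5.4");
# "Adobe Reader 8.1.2" -> ("Adobe Reader", "8.1.2").
VERSION_PATTERNS = [
    re.compile(r"^(?P<product>Java\(TM\) \d+) Update (?P<version>\d+)$"),
    re.compile(r"^(?P<product>.+?) \((?P<version>\d+(?:\.\d+)*)\)$"),
    re.compile(r"^(?P<product>.+?) (?P<version>\d+(?:\.\d+)+)$"),
]


def split_product_version(line):
    """Return (product, version); version is None when no pattern recognises one."""
    line = line.strip()
    for pattern in VERSION_PATTERNS:
        m = pattern.match(line)
        if m:
            return m.group("product"), m.group("version")
    return line, None


def _version_key(version):
    # Numeric sort so "15" follows "7" instead of preceding it.
    return tuple(int(part) for part in version.split("."))


def find_multi_version_products(text):
    """Map product -> versions (ascending), for products installed in >1 version."""
    versions = defaultdict(set)
    for line in text.splitlines():
        if line.strip():
            product, version = split_product_version(line)
            if version is not None:
                versions[product].add(version)
    return {product: sorted(found, key=_version_key)
            for product, found in versions.items() if len(found) > 1}


def find_duplicate_entries(text):
    """Lines that appear more than once, in first-seen order."""
    seen, duplicates = set(), []
    for line in text.splitlines():
        line = line.strip()
        if line and line in seen and line not in duplicates:
            duplicates.append(line)
        seen.add(line)
    return duplicates


if __name__ == "__main__":
    for product, found in find_multi_version_products(SAMPLE_UNINSTALL_LIST).items():
        print(f"{product}: {len(found)} versions installed ({', '.join(found)})")
    for line in find_duplicate_entries(SAMPLE_UNINSTALL_LIST):
        print(f"listed twice: {line}")
```

To use it on a real machine, replace SAMPLE_UNINSTALL_LIST with the contents of the text file the HijackThis Uninstall Manager saves. Anything it reports in several versions is a candidate for removing all but the newest; an exact duplicate usually means a product registered itself twice and is harmless, but worth checking.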

Re: need major help

Unread postby peku006 » October 30th, 2009, 1:35 pm

Hi jayhovah

Please download GooredFix.exe by jpshortstuff (alternate site) and save it to your desktop.
  • Ensure all Firefox windows are closed.
  • Double-click GooredFix.exe to run it.
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log file named "GooredFix.txt" will open.
  • Please copy and paste the contents of the GooredFix.txt file in your next reply.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: need major help

Unread postby jayhovah » October 30th, 2009, 1:57 pm

GooredFix by jpshortstuff (24.09.09.1)
Log created at 13:56 on 30/10/2009 (temp)
Firefox version 3.5.4 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [10:14 30/01/2008]
{B13721C7-F507-4982-B2E5-502A71474FED} [01:00 05/09/2009]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [02:56 03/02/2008]
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [19:15 10/08/2008]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [17:31 18/03/2008]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [02:22 18/08/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [21:22 30/10/2009]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [20:54 22/07/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [04:35 20/08/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [20:54 22/07/2009]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext" [04:52 02/10/2009]

-=E.O.F=-
jayhovah
Regular Member
 
Posts: 22
Joined: October 24th, 2009, 4:59 pm

Re: need major help

Unread postby peku006 » October 30th, 2009, 2:22 pm

Hi jayhovah

1 - Run Malwarebytes' Anti-Malware

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has completed, select the Scanner tab.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan, and the log should open in Notepad.

3 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware log
2. a fresh HijackThis log
3. a description of any problems you are having with your PC

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: need major help

Unread postby jayhovah » October 30th, 2009, 4:05 pm

Didn't have the option to remove anything, but a lot of stuff is in quarantine.

Malwarebytes' Anti-Malware 1.41
Database version: 3062
Windows 5.1.2600 Service Pack 2

10/30/2009 3:57:17 PM
mbam-log-2009-10-30 (15-57-17).txt

Scan type: Full Scan (C:\|)
Objects scanned: 268753
Time elapsed: 1 hour(s), 11 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:49 PM, on 10/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3014 bytes

Still having the Google problem where it redirects me to something totally different from what I selected.
jayhovah
Regular Member
 
Posts: 22
Joined: October 24th, 2009, 4:59 pm
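Reading the O4 (autorun) and O23 (service) lines of a HijackThis log like the one above is mostly pattern recognition: where does the launched binary live, and does its name fit that location? The Python below is an added example, not part of HijackThis and not from either participant in this thread, that writes that first pass down. It extracts the executable that actually runs from each O4/O23 line (for RUNDLL32 entries, the DLL argument) and flags entries that run from user-writable locations, or that reuse a Windows system binary name outside the Windows directory. The sample lines are copied from the log above, plus one constructed suspicious entry (marked as such) so the flagging path is exercised; the directory and name lists are heuristics chosen for this example and assume the default C:\WINDOWS install seen in the log.

```python
"""First-pass triage of HijackThis O4 (autorun) and O23 (service) lines.

Added example; not part of HijackThis and not from this thread's participants.
The heuristics below are the ones a volunteer applies by eye, written down:
where does the launched binary live, and does its name fit that location?
Directory and name lists are choices made for this example and assume the
default C:\\WINDOWS installation seen in the log.
"""
import re

# Lines copied from the HijackThis log posted above.
REAL_HJT_LINES = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""
# Constructed for this example (NOT in the posted log): a system-binary name
# launched from the user's Temp folder, the classic shape of a dropper autorun.
CONSTRUCTED_SUSPICIOUS_LINE = (
    r"O4 - HKCU\..\Run: [updater] "
    r"C:\Documents and Settings\temp\Local Settings\Temp\svchost.exe"
)
SAMPLE_HJT_LINES = REAL_HJT_LINES + CONSTRUCTED_SUSPICIOUS_LINE + "\n"

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]*)\))?"
    r" - (?P<company>.*?) - (?P<path>[A-Za-z]:\\.+)$"
)
# First drive-rooted path ending in an executable extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js|pif)\b", re.IGNORECASE)

# Directories where Windows' own binaries legitimately live (lower-case, trailing slash).
WINDOWS_SYSTEM_DIRS = {"c:\\windows\\", "c:\\windows\\system32\\"}
# Names that belong in those directories and nowhere else.
SYSTEM_BINARY_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                       "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}
# Path fragments that mean "a non-admin user could have written this file".
USER_WRITABLE_MARKERS = ("\\temp\\", "\\documents and settings\\", "\\users\\",
                         "\\application data\\", "\\local settings\\", "\\recycler\\")


def launched_path(cmd):
    """Executable or DLL that actually runs for an autorun command line.
    For RUNDLL32 entries that is the DLL argument, not rundll32 itself.
    Falls back to the first token: a bare name Windows resolves via the search path."""
    m = PATH_RE.search(cmd)
    if m:
        return m.group(0)
    return cmd.strip().strip('"').split()[0]


def suspicion_reasons(path):
    """Why this path deserves a closer look; an empty list means nothing stood out."""
    low = path.lower()
    reasons = []
    if ":\\" not in low:
        reasons.append("bare file name resolved via the search path")
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("runs from a user-writable location")
    directory, _, base = low.rpartition("\\")
    if base in SYSTEM_BINARY_NAMES and directory + "\\" not in WINDOWS_SYSTEM_DIRS:
        reasons.append("Windows system binary name outside the Windows directory")
    return reasons


def parse_entries(text):
    """One dict per O4/O23 line: kind, entry name, launched path, and reasons."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = launched_path(m.group("cmd"))
            entries.append({"kind": "O4", "name": m.group("name"),
                            "path": path, "reasons": suspicion_reasons(path)})
            continue
        m = O23_RE.match(line)
        if m:
            path = launched_path(m.group("path"))
            entries.append({"kind": "O23", "name": m.group("short") or m.group("display"),
                            "path": path, "reasons": suspicion_reasons(path)})
    return entries


def flagged(text):
    """Only the entries with at least one reason attached."""
    return [entry for entry in parse_entries(text) if entry["reasons"]]


if __name__ == "__main__":
    for entry in flagged(SAMPLE_HJT_LINES):
        print(f"{entry['kind']} [{entry['name']}] {entry['path']}")
        for reason in entry["reasons"]:
            print(f"    - {reason}")
```

On the real lines from the log nothing is flagged, which matches the helper's reading of it; only the constructed Temp-folder svchost.exe entry is reported. A clean result here does not clear the machine (a redirect that survives clean HijackThis and MBAM logs is, by definition, something neither tool is showing), which is why the next step in the thread moves to a deeper scanner.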

Re: need major help

Unread postby peku006 » October 31st, 2009, 4:29 am

Hi jayhovah

Download and run OTS

  • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.

      NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • Click the Scan All Users checkbox on the toolbar.
  • Do not change any other settings.
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
  • Close Notepad (saving the change if necessary).

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: need major help

Unread postby jayhovah » October 31st, 2009, 1:20 pm

Figured out how to work it. Here is the log file.

OTS logfile created on: 10/31/2009 1:34:13 PM - Run 1
OTS by OldTimer - Version 3.1.1.5     Folder = C:\Documents and Settings\temp\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.94 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 66.40% Memory free
3.19 Gb Paging File | 2.64 Gb Available in Paging File | 82.78% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 160.51 Gb Free Space | 68.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 27.85 Gb Total Space | 18.58 Gb Free Space | 66.69% Space Free | Partition Type: FAT32
Drive F: | 7.42 Gb Total Space | 4.42 Gb Free Space | 59.55% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: FAMILY
Current User Name: temp
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\temp\Desktop\OTS.exe -> [2009/10/31 13:18:01 | 00,523,264 | ---- | M] (OldTimer Tools)
firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2009/10/29 16:32:25 | 00,908,280 | ---- | M] (Mozilla Corporation)
realsched.exe -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe -> [2009/10/01 20:51:29 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/09/30 05:31:23 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.)
ituneshelper.exe -> C:\Program Files\iTunes\iTunesHelper.exe -> [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.)
ipodservice.exe -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.)
msnmsgr.exe -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe -> [2009/07/26 12:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/07/25 01:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 07:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
aim6.exe -> C:\Program Files\AIM6\aim6.exe -> [2009/05/26 06:38:57 | 00,049,968 | ---- | M] (AOL LLC)
wlcomm.exe -> C:\Program Files\Windows Live\Contacts\wlcomm.exe -> [2009/02/06 13:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation)
aolsoftware.exe -> C:\Program Files\AIM6\aolsoftware.exe -> [2008/11/06 09:33:00 | 00,041,264 | ---- | M] (AOL LLC)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
yahoom~1.exe -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> [2007/08/30 14:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
viewpointservice.exe -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
nvsvc32.exe -> C:\WINDOWS\system32\nvsvc32.exe -> [2006/10/30 22:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation)
wmpnscfg.exe -> C:\Program Files\Windows Media Player\wmpnscfg.exe -> [2006/10/18 16:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files\iPod\bin\iPodService.exe -> [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2009/07/25 01:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/06/05 07:48:14 | 00,144,712 | ---- | M] (Apple Inc.)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 16:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(Viewpoint Manager Service) Viewpoint Manager Service [Win32_Own | Auto | Running] -> C:\Program Files\Viewpoint\Common\ViewpointService.exe -> [2007/01/04 13:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> C:\WINDOWS\system32\nvsvc32.exe -> [2006/10/30 22:35:00 | 00,155,715 | ---- | M] (NVIDIA Corporation)
 
[Driver Services - Safe List]
(aswTdi) avast! Network Shield Support [Kernel | Unknown | Running] ->  -> File not found
(aswSP) avast! Self Protection [Kernel | Unknown | Running] ->  -> File not found
(aswRdr) aswRdr [Kernel | Unknown | Running] ->  -> File not found
(aswMon2) avast! Standard Shield Support [File_System | Unknown | Running] ->  -> File not found
(aswFsBlk) aswFsBlk [File_System | Unknown | Running] ->  -> File not found
(Aavmker4) avast! Asynchronous Virus Monitor [Kernel | Unknown | Running] ->  -> File not found
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.10.0 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\AegisP.sys -> [2009/10/18 19:37:34 | 00,021,275 | ---- | M] (Meetinghouse Data Communications)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\usbaapl.sys -> [2009/08/28 18:42:52 | 00,040,448 | ---- | M] (Apple, Inc.)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -> [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.)
(NuidFltr) NUID filter driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nuidfltr.sys -> [2009/05/08 21:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbaudio.sys -> [2008/04/13 10:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 08:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2007/11/13 02:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2007/07/18 03:26:04 | 04,547,584 | R--- | M] (Realtek Semiconductor Corp.)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nvnetbus.sys -> [2006/11/27 16:33:54 | 00,019,968 | ---- | M] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\NVENETFD.sys -> [2006/11/27 16:33:50 | 00,058,368 | ---- | M] (NVIDIA Corporation)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2006/10/30 22:35:00 | 03,964,256 | ---- | M] (NVIDIA Corporation)
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AmdK8.sys -> [2006/06/18 23:37:34 | 00,036,864 | ---- | M] (Advanced Micro Devices)
(RT61) Ralink RT61 Wireless Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rt61.sys -> [2006/05/04 19:02:58 | 00,380,928 | ---- | M] (Ralink Technology Inc.)
(Point32) Microsoft IntelliPoint Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\point32.sys -> [2005/03/15 01:45:20 | 00,020,352 | ---- | M] (Microsoft Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HPZius12.sys -> [2003/03/09 21:31:02 | 00,021,456 | ---- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HPZipr12.sys -> [2003/03/09 21:31:02 | 00,016,080 | ---- | M] (HP)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\hpzid412.sys -> [2003/03/09 21:31:00 | 00,051,024 | ---- | M] (HP)
(phil2vid) Philips USB VGA Camera [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\philcam2.sys -> [2001/08/17 14:04:08 | 00,173,696 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\temp\Desktop\OTS.exe -> [2009/10/31 13:18:01 | 00,523,264 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll -> [2008/04/13 16:12:51 | 01,054,208 | ---- | M] (Microsoft Corporation)
framedyn.dll -> C:\WINDOWS\system32\wbem\framedyn.dll -> [2008/04/13 16:11:53 | 00,185,344 | ---- | M] (Microsoft Corporation)
idle.dll -> C:\Program Files\Yahoo!\Messenger\idle.dll -> [2007/08/30 14:43:14 | 00,006,144 | ---- | M] (Yahoo! Inc.)
msvcr71.dll -> C:\Program Files\Yahoo!\Messenger\msvcr71.dll -> [2007/08/30 13:17:38 | 00,348,160 | ---- | M] (Microsoft Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" ->  [binary data] -> 
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.msn.com/ -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> 
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\Av_S-1-5-21-220523388-484763869-725345543-1008\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\] > -> -> 
HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm -> 
HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\: Main\\"Search Page" -> http://www.google.com -> 
HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\: Main\\"SearchMigratedDefaultName" -> Yahoo! Search -> 
HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\: Main\\"SearchMigratedDefaultURL" -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> 
HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\: Main\\"Start Page" -> http://www.msn.com/ -> 
HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\: SearchURL\\"" -> http://www.google.com/keyword/%s -> 
HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\: "ProxyEnable" -> 0 -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\temp\Application Data\Mozilla\FireFox\Profiles\np858xja.default\prefs.js -> 
extensions.enabledItems -> {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1 ->
extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1 ->
extensions.enabledItems -> {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 ->
extensions.enabledItems -> {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  -> 
HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com -> C:\Program Files\Java\jre6\lib\deploy\jqs\ff [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/07/22 12:54:27 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT] -> [2009/10/01 20:52:17 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2009/10/31 13:17:24 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2009/10/31 00:04:36 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\temp\Application Data\Mozilla\Extensions -> [2008/08/31 17:48:50 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\temp\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2008/08/31 17:48:50 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\temp\Application Data\Mozilla\Firefox\Profiles\np858xja.default\extensions -> [2009/10/30 17:35:41 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\temp\Application Data\Mozilla\Firefox\Profiles\np858xja.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} -> [2009/10/30 17:35:39 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\temp\Application Data\Mozilla\Firefox\Profiles\np858xja.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/10/30 17:35:41 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\temp\Application Data\Mozilla\Firefox\Profiles\np858xja.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2009/10/30 17:35:22 | 00,000,000 | ---D | M]
  -> C:\Documents and Settings\temp\Application Data\Mozilla\Firefox\Profiles\np858xja.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2009/10/30 17:35:35 | 00,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2009/10/31 13:17:38 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/10/29 16:32:31 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED} -> [2009/09/04 17:00:48 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> [2008/02/02 18:56:39 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} -> [2008/08/10 11:15:47 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -> [2008/03/18 09:31:33 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} -> [2008/08/17 18:22:52 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} -> [2009/10/30 13:22:47 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/07/22 12:54:37 | 00,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} -> [2009/08/19 20:35:18 | 00,000,000 | ---D | M]
< FireFox Components [Program Folders] > -> 
 browserdirprovider.dll -> C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll -> [2009/10/29 16:32:24 | 00,023,544 | ---- | M] (Mozilla Foundation)
 brwsrcmp.dll -> C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll -> [2009/10/29 16:32:24 | 00,137,208 | ---- | M] (Mozilla Foundation)
< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> C:\Program Files\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2009/07/25 01:23:02 | 00,321,312 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\] > -> HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2009/08/13 14:51:42 | 00,177,440 | ---- | M] (Apple Inc.)
"iTunesHelper" -> C:\Program Files\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009/09/10 13:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation)
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2006/10/30 22:35:00 | 07,634,944 | ---- | M] (NVIDIA Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2009/09/05 00:54:42 | 00,417,792 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/07/25 01:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot] -> [2009/10/01 20:51:29 | 00,198,160 | ---- | M] (RealNetworks, Inc.)
< Run [HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\] > -> HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Aim6" -> C:\Program Files\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> [2009/05/26 06:38:57 | 00,049,968 | ---- | M] (AOL LLC)
"msnmsgr" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe ["C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background] -> [2009/07/26 12:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"Yahoo! Pager" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe ["C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet] -> [2007/08/30 14:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Arick Startup Folder > -> C:\Documents and Settings\Arick\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Arick\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk -> C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe -> File not found
C:\Documents and Settings\Arick\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk -> C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe -> File not found
< Billie Startup Folder > -> C:\Documents and Settings\Billie\Start Menu\Programs\Startup -> 
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup -> 
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\OpenOffice.org 2.3.lnk -> C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe -> File not found
C:\Documents and Settings\Guest\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2009/04/16 10:14:14 | 00,384,000 | ---- | M] ()
< Kenny Startup Folder > -> C:\Documents and Settings\Kenny\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Kenny\Start Menu\Programs\Startup\LimeWire On Startup.lnk -> C:\Program Files\LimeWire\LimeWire.exe -> File not found
C:\Documents and Settings\Kenny\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe -> [2009/04/16 10:14:14 | 00,384,000 | ---- | M] ()
< temp Startup Folder > -> C:\Documents and Settings\temp\Start Menu\Programs\Startup -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" ->  [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" ->  [0] -> File not found
\\"legalnoticecaption" ->  [] -> File not found
\\"legalnoticetext" ->  [] -> File not found
\\"shutdownwithoutlogon" ->  [1] -> File not found
\\"undockwithoutlogon" ->  [1] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\Av_S-1-5-21-220523388-484763869-725345543-1008] > -> HKEY_USERS\Av_S-1-5-21-220523388-484763869-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\Av_S-1-5-21-220523388-484763869-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [149] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004] > -> HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\] > -> HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\Software\Microsoft\Internet Explorer\MenuExt\ -> 
&Search -> Reg Error: Value error. [Reg Error: Value error.] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}:Exec [HKLM] -> C:\Program Files\AIM\aim.exe [Button: AIM] -> [2006/08/01 11:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\] > -> HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 
1 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\Av_S-1-5-21-220523388-484763869-725345543-1008\] > -> HKEY_USERS\Av_S-1-5-21-220523388-484763869-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\Av_S-1-5-21-220523388-484763869-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\Av_S-1-5-21-220523388-484763869-725345543-1008\] > -> HKEY_USERS\Av_S-1-5-21-220523388-484763869-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\Av_S-1-5-21-220523388-484763869-725345543-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\] > -> HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\] > -> HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-220523388-484763869-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Reg Error: Key error.] -> 
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] -> 
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 16:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 16:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" -> C:\Program Files\AIM\aim.exe [C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger] -> [2006/08/01 11:35:36 | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\AIM6\aim6.exe" -> C:\Program Files\AIM6\aim6.exe [C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM] -> [2009/05/26 06:38:57 | 00,049,968 | ---- | M] (AOL LLC)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/11/02 23:17:27 | 00,010,800 | ---- | M] (AOL LLC)
"C:\Program Files\uTorrent\uTorrent.exe" -> C:\Program Files\uTorrent\uTorrent.exe [C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009/02/10 20:07:46 | 00,270,128 | ---- | M] (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" -> C:\Program Files\Windows Live\Messenger\msnmsgr.exe [C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger] -> [2009/07/26 12:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -> C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger] -> [2007/08/30 14:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
"AlternateShell" -> cmd.exe -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/11/21 04:29:28 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> File not found
exefile [open] -> "%1" %* -> File not found
 
 
[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Documents and Settings\temp\Desktop\OTS.exe -> [2009/10/31 13:18:01 | 00,523,264 | ---- | C] (OldTimer Tools)
LastGood -> C:\WINDOWS\LastGood -> [2009/10/31 05:00:25 | 00,000,000 | ---D | C]
 C:\Documents and Settings\temp\Application Data\acccore -> C:\Documents and Settings\temp\Application Data\acccore -> [2009/10/31 00:11:43 | 00,000,000 | ---D | C]
 C:\Documents and Settings\temp\Local Settings\Application Data\AOL -> C:\Documents and Settings\temp\Local Settings\Application Data\AOL -> [2009/10/31 00:11:28 | 00,000,000 | ---D | C]
 C:\Documents and Settings\temp\Local Settings\Application Data\AOL OCP -> C:\Documents and Settings\temp\Local Settings\Application Data\AOL OCP -> [2009/10/31 00:04:39 | 00,000,000 | ---D | C]
 C:\Documents and Settings\All Users\Application Data\acccore -> C:\Documents and Settings\All Users\Application Data\acccore -> [2009/10/31 00:04:33 | 00,000,000 | ---D | C]
 C:\Documents and Settings\All Users\Application Data\AOL OCP -> C:\Documents and Settings\All Users\Application Data\AOL OCP -> [2009/10/31 00:04:23 | 00,000,000 | ---D | C]
 C:\Documents and Settings\All Users\Application Data\AOL -> C:\Documents and Settings\All Users\Application Data\AOL -> [2009/10/31 00:04:23 | 00,000,000 | ---D | C]
 C:\Program Files\Common Files\AOL -> C:\Program Files\Common Files\AOL -> [2009/10/31 00:04:07 | 00,000,000 | ---D | C]
 C:\Program Files\AIM6 -> C:\Program Files\AIM6 -> [2009/10/31 00:03:52 | 00,000,000 | ---D | C]
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2009/10/30 13:22:45 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2009/10/30 13:22:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\WINDOWS\System32\java.exe -> [2009/10/30 13:22:45 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
Recent -> C:\Documents and Settings\temp\Recent -> [2009/10/30 03:05:54 | 00,000,000 | RH-D | C]
Reg backups -> C:\Documents and Settings\temp\Desktop\Reg backups -> [2009/10/30 02:58:46 | 00,000,000 | ---D | C]
Config.Msi -> C:\Config.Msi -> [2009/10/30 02:53:51 | 00,000,000 | -HSD | C]
 C:\Program Files\Utherverse Digital Inc -> C:\Program Files\Utherverse Digital Inc -> [2009/10/30 02:53:31 | 00,000,000 | ---D | C]
 C:\Documents and Settings\temp\Application Data\AVG8 -> C:\Documents and Settings\temp\Application Data\AVG8 -> [2009/10/29 15:10:22 | 00,000,000 | ---D | C]
 C:\Documents and Settings\All Users\Application Data\TEMP -> C:\Documents and Settings\All Users\Application Data\TEMP -> [2009/10/29 14:29:55 | 00,000,000 | ---D | C]
rsit -> C:\rsit -> [2009/10/28 11:12:07 | 00,000,000 | ---D | C]
 C:\Program Files\iPod -> C:\Program Files\iPod -> [2009/10/24 22:24:09 | 00,000,000 | ---D | C]
 C:\Program Files\iTunes -> C:\Program Files\iTunes -> [2009/10/24 22:24:04 | 00,000,000 | ---D | C]
 C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} -> [2009/10/24 22:24:04 | 00,000,000 | ---D | C]
 C:\Program Files\QuickTime -> C:\Program Files\QuickTime -> [2009/10/24 22:21:34 | 00,000,000 | ---D | C]
 C:\Program Files\Trend Micro -> C:\Program Files\Trend Micro -> [2009/10/24 15:48:17 | 00,000,000 | ---D | C]
 C:\Documents and Settings\temp\Application Data\Malwarebytes -> C:\Documents and Settings\temp\Application Data\Malwarebytes -> [2009/10/24 11:44:33 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2009/10/24 11:44:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2009/10/24 11:44:27 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
 C:\Program Files\Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2009/10/24 11:44:27 | 00,000,000 | ---D | C]
 C:\Documents and Settings\All Users\Application Data\Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2009/10/24 11:44:27 | 00,000,000 | ---D | C]
lameACM.acm -> C:\WINDOWS\System32\lameACM.acm -> [2009/10/19 23:45:15 | 00,839,680 | ---- | C] (http://www.mp3dev.org/)
yv12vfw.dll -> C:\WINDOWS\System32\yv12vfw.dll -> [2009/10/19 23:45:15 | 00,217,088 | ---- | C] (www.helixcommunity.org)
ac3acm.acm -> C:\WINDOWS\System32\ac3acm.acm -> [2009/10/19 23:45:15 | 00,118,784 | ---- | C] (fccHandler)
 C:\Program Files\K-Lite Codec Pack -> C:\Program Files\K-Lite Codec Pack -> [2009/10/19 23:45:13 | 00,000,000 | ---D | C]
CatRoot_bak -> C:\WINDOWS\System32\CatRoot_bak -> [2009/10/18 22:43:19 | 00,000,000 | ---D | C]
hal.dll -> C:\WINDOWS\System32\hal.dll -> [2009/10/18 16:45:39 | 00,134,400 | ---- | C] (Microsoft Corporation)
ntkrnlpa.exe -> C:\WINDOWS\System32\ntkrnlpa.exe -> [2009/10/18 16:45:38 | 02,023,936 | ---- | C] (Microsoft Corporation)
ntoskrnl.exe -> C:\WINDOWS\System32\ntoskrnl.exe -> [2009/10/18 16:45:37 | 02,145,280 | ---- | C] (Microsoft Corporation)
NetZeroInstaller -> C:\NetZeroInstaller -> [2009/10/06 23:32:00 | 00,000,000 | ---D | C]
 C:\Program Files\Phantasy Star Online Blue Burst -> C:\Program Files\Phantasy Star Online Blue Burst -> [2009/10/03 21:34:10 | 00,000,000 | ---D | C]
rmoc3260.dll -> C:\WINDOWS\System32\rmoc3260.dll -> [2009/10/01 20:52:11 | 00,185,920 | ---- | C] (RealNetworks, Inc.)
pndx5016.dll -> C:\WINDOWS\System32\pndx5016.dll -> [2009/10/01 20:52:02 | 00,006,656 | ---- | C] (RealNetworks, Inc.)
pndx5032.dll -> C:\WINDOWS\System32\pndx5032.dll -> [2009/10/01 20:52:02 | 00,005,632 | ---- | C] (RealNetworks, Inc.)
 C:\Program Files\Common Files\xing shared -> C:\Program Files\Common Files\xing shared -> [2009/10/01 20:51:59 | 00,000,000 | ---D | C]
pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2009/10/01 20:51:33 | 00,278,528 | ---- | C] (Real Networks, Inc)
 C:\Program Files\Real -> C:\Program Files\Real -> [2009/10/01 20:51:30 | 00,000,000 | ---D | C]
 C:\Program Files\Common Files\Real -> C:\Program Files\Common Files\Real -> [2009/10/01 20:51:27 | 00,000,000 | ---D | C]
 C:\Documents and Settings\All Users\Application Data\Real -> C:\Documents and Settings\All Users\Application Data\Real -> [2009/10/01 20:51:26 | 00,000,000 | ---D | C]
 C:\Documents and Settings\temp\Application Data\Real -> C:\Documents and Settings\temp\Application Data\Real -> [2009/10/01 20:51:19 | 00,000,000 | ---D | C]
 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files/Folders - Modified Within 30 Days]
OTS.exe -> C:\Documents and Settings\temp\Desktop\OTS.exe -> [2009/10/31 13:18:01 | 00,523,264 | ---- | M] (OldTimer Tools)
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2009/10/31 10:15:40 | 00,013,646 | ---- | M] ()
IPH.PH -> C:\IPH.PH -> [2009/10/31 00:11:28 | 00,000,371 | -H-- | M] ()
AIM 6.lnk -> C:\Documents and Settings\All Users\Desktop\AIM 6.lnk -> [2009/10/31 00:04:32 | 00,001,634 | ---- | M] ()
whistportal.lnk -> C:\Documents and Settings\temp\Desktop\whistportal.lnk -> [2009/10/30 13:28:36 | 00,001,802 | ---- | M] ()
hpfr3420.xml -> C:\hpfr3420.xml -> [2009/10/29 22:31:54 | 00,000,000 | ---- | M] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2009/10/29 19:12:28 | 00,000,116 | ---- | M] ()
CONFIG.NT -> C:\WINDOWS\System32\CONFIG.NT -> [2009/10/29 15:28:56 | 00,002,577 | ---- | M] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2009/10/29 15:18:19 | 00,358,092 | ---- | M] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2009/10/29 15:18:19 | 00,313,210 | ---- | M] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2009/10/29 15:18:19 | 00,040,836 | ---- | M] ()
nvapps.xml -> C:\WINDOWS\System32\nvapps.xml -> [2009/10/29 15:04:36 | 00,081,496 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2009/10/29 15:04:02 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2009/10/29 15:03:42 | 00,002,048 | --S- | M] ()
ntuser.dat -> C:\Documents and Settings\temp\ntuser.dat -> [2009/10/29 14:54:37 | 05,767,168 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\temp\ntuser.ini -> [2009/10/29 14:54:37 | 00,000,178 | -HS- | M] ()
tdlwsp.dll -> C:\WINDOWS\System32\tdlwsp.dll -> [2009/10/29 07:06:43 | 00,022,016 | ---- | M] ()
AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2009/10/27 11:37:02 | 00,000,284 | ---- | M] ()
iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2009/10/24 22:25:01 | 00,001,804 | ---- | M] ()
HijackThis.lnk -> C:\Documents and Settings\temp\Desktop\HijackThis.lnk -> [2009/10/24 15:48:19 | 00,001,734 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/24 11:44:31 | 00,000,696 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\temp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/10/21 01:04:31 | 00,034,816 | ---- | M] ()
AegisP.sys -> C:\WINDOWS\System32\drivers\AegisP.sys -> [2009/10/18 19:37:34 | 00,021,275 | ---- | M] (Meetinghouse Data Communications)
IconCache.db -> C:\Documents and Settings\temp\Local Settings\Application Data\IconCache.db -> [2009/10/18 17:36:10 | 02,639,974 | -H-- | M] ()
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2009/10/16 13:18:25 | 42,993,323 | ---- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009/10/16 09:36:20 | 20,799,03744 | -HS- | M] ()
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2009/10/15 17:18:34 | 00,033,037 | ---- | M] ()
PhotoSnapViewer.INI -> C:\WINDOWS\PhotoSnapViewer.INI -> [2009/10/13 20:03:24 | 00,000,151 | ---- | M] ()
ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2009/10/13 10:00:00 | 00,085,504 | ---- | M] ()
avisplitter.ini -> C:\WINDOWS\avisplitter.ini -> [2009/10/13 10:00:00 | 00,000,038 | ---- | M] ()
CCleaner.lnk -> C:\Documents and Settings\temp\Desktop\CCleaner.lnk -> [2009/10/11 19:48:00 | 00,001,548 | ---- | M] ()
d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2009/10/11 18:12:06 | 00,000,664 | ---- | M] ()
MRT.exe -> C:\WINDOWS\System32\MRT.exe -> [2009/10/02 10:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation)
RealPlayer SP.lnk -> C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk -> [2009/10/01 20:52:17 | 00,000,897 | ---- | M] ()
rmoc3260.dll -> C:\WINDOWS\System32\rmoc3260.dll -> [2009/10/01 20:52:11 | 00,185,920 | ---- | M] (RealNetworks, Inc.)
pndx5016.dll -> C:\WINDOWS\System32\pndx5016.dll -> [2009/10/01 20:52:02 | 00,006,656 | ---- | M] (RealNetworks, Inc.)
pndx5032.dll -> C:\WINDOWS\System32\pndx5032.dll -> [2009/10/01 20:52:02 | 00,005,632 | ---- | M] (RealNetworks, Inc.)
msvcp71.dll -> C:\WINDOWS\System32\msvcp71.dll -> [2009/10/01 20:51:33 | 00,499,712 | ---- | M] (Microsoft Corporation)
pncrt.dll -> C:\WINDOWS\System32\pncrt.dll -> [2009/10/01 20:51:33 | 00,278,528 | ---- | M] (Real Networks, Inc)
 682 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 
 16 C:\Documents and Settings\temp\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\temp\Local Settings\Temp\*.tmp -> 
 16 C:\Documents and Settings\temp\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\temp\Local Settings\Temp\*.tmp -> 
 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 
 
[Files - No Company Name]
AIM 6.lnk -> C:\Documents and Settings\All Users\Desktop\AIM 6.lnk -> [2009/10/31 00:04:32 | 00,001,634 | ---- | C] ()
IPH.PH -> C:\IPH.PH -> [2009/10/31 00:03:49 | 00,000,371 | -H-- | C] ()
tdlwsp.dll -> C:\WINDOWS\System32\tdlwsp.dll -> [2009/10/29 07:06:43 | 00,022,016 | ---- | C] ()
whistportal.lnk -> C:\Documents and Settings\temp\Desktop\whistportal.lnk -> [2009/10/28 02:47:00 | 00,001,802 | ---- | C] ()
iTunes.lnk -> C:\Documents and Settings\All Users\Desktop\iTunes.lnk -> [2009/10/24 22:25:01 | 00,001,804 | ---- | C] ()
HijackThis.lnk -> C:\Documents and Settings\temp\Desktop\HijackThis.lnk -> [2009/10/24 15:48:18 | 00,001,734 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/10/24 11:44:31 | 00,000,696 | ---- | C] ()
unrar.dll -> C:\WINDOWS\System32\unrar.dll -> [2009/10/19 23:45:16 | 00,178,176 | ---- | C] ()
avisplitter.ini -> C:\WINDOWS\avisplitter.ini -> [2009/10/19 23:45:16 | 00,000,038 | ---- | C] ()
xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2009/10/19 23:45:15 | 00,881,664 | ---- | C] ()
xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2009/10/19 23:45:15 | 00,205,824 | ---- | C] ()
lame_acm.xml -> C:\WINDOWS\System32\lame_acm.xml -> [2009/10/19 23:45:15 | 00,000,414 | ---- | C] ()
ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2009/10/19 23:45:14 | 00,085,504 | ---- | C] ()
ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2009/10/19 23:45:14 | 00,000,547 | ---- | C] ()
 IconCache.db -> C:\Documents and Settings\temp\Local Settings\Application Data\IconCache.db -> [2009/10/06 12:27:35 | 02,639,974 | -H-- | C] ()
RealPlayer SP.lnk -> C:\Documents and Settings\All Users\Desktop\RealPlayer SP.lnk -> [2009/10/01 20:52:17 | 00,000,897 | ---- | C] ()
lame_enc.dll -> C:\WINDOWS\System32\lame_enc.dll -> [2009/07/23 11:19:57 | 00,484,352 | ---- | C] ()
MPLAYER.INI -> C:\WINDOWS\MPLAYER.INI -> [2009/04/14 15:44:36 | 00,000,074 | ---- | C] ()
lffpx7.dll -> C:\WINDOWS\System32\lffpx7.dll -> [2009/04/14 15:39:08 | 00,338,944 | ---- | C] ()
LFKODAK.DLL -> C:\WINDOWS\System32\LFKODAK.DLL -> [2009/04/14 15:39:08 | 00,122,880 | ---- | C] ()
EntPack.ini -> C:\WINDOWS\EntPack.ini -> [2008/10/21 18:16:26 | 00,000,983 | ---- | C] ()
PnkBstrK.sys -> C:\WINDOWS\System32\drivers\PnkBstrK.sys -> [2008/02/19 01:04:50 | 00,022,328 | ---- | C] ()
PhotoSnapViewer.INI -> C:\WINDOWS\PhotoSnapViewer.INI -> [2008/02/06 22:29:42 | 00,000,151 | ---- | C] ()
NeroDigital.ini -> C:\WINDOWS\NeroDigital.ini -> [2008/01/30 12:33:52 | 00,000,116 | ---- | C] ()
Install6x.dll -> C:\WINDOWS\System32\Install6x.dll -> [2008/01/29 05:05:48 | 00,295,028 | ---- | C] ()
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2006/10/30 22:35:00 | 01,662,976 | ---- | C] ()
nview.dll -> C:\WINDOWS\System32\nview.dll -> [2006/10/30 22:35:00 | 01,470,464 | ---- | C] ()
nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2006/10/30 22:35:00 | 01,019,904 | ---- | C] ()
nvhwvid.dll -> C:\WINDOWS\System32\nvhwvid.dll -> [2006/10/30 22:35:00 | 00,581,632 | ---- | C] ()
nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2006/10/30 22:35:00 | 00,466,944 | ---- | C] ()
nvnt4cpl.dll -> C:\WINDOWS\System32\nvnt4cpl.dll -> [2006/10/30 22:35:00 | 00,286,720 | ---- | C] ()
nvapi.dll -> C:\WINDOWS\System32\nvapi.dll -> [2006/10/30 22:35:00 | 00,196,608 | ---- | C] ()
win.ini -> C:\WINDOWS\win.ini -> [2004/08/04 04:00:00 | 00,000,587 | ---- | C] ()
system.ini -> C:\WINDOWS\system.ini -> [2004/08/04 04:00:00 | 00,000,227 | ---- | C] ()
hpotscl.dll -> C:\WINDOWS\System32\hpotscl.dll -> [2003/03/09 21:31:04 | 00,561,152 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
jayhovah

Re: need major help

Post by peku006 » November 1st, 2009, 4:41 am

Hi jayhovah

Still having the Google problem where it redirects me to something totally different from what I selected.

Can you give an example of where it "redirects"?

Restore HijackThis entries
The HijackThis log backup contains all entries that have been deleted, both good and bad entries.
Let's restore the deleted entries that we need.
  1. Run HijackThis
  2. Press the "View the list of backups" button from the Main Menu
      If you are not at the Main Menu...
    • Press the "Config" button, on the bottom right side of the screen
  3. Press the "Backups" button at the top, under the Configuration section.
  4. Place a check in the box of the entries below:
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-10-24]
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2009-10-24]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-10-24]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl [2009-10-24]
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-10-24]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-10-24]
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ [2009-10-24]
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-10-24]
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-10-24]
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll [2009-10-24]
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-10-24]
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-24]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-10-24]
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-24]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-10-24]
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-10-24]
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-10-24]
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [2009-10-24]
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [2009-10-24]
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-10-24]
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-10-24]
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll [2009-10-24]
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-24]
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [2009-10-24]
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [2009-10-24]
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe [2009-10-24]
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [2009-10-24]
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe [2009-10-24]
    O4 - Startup: Mozilla Firefox (2).lnk = C:\Program Files\Mozilla Firefox\firefox.exe [2009-10-24]
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl [2009-10-24]
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [2009-10-24]
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [2009-10-24]
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [2009-10-24]
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [2009-10-24]
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2009-10-24]
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe [2009-10-24]
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet [2009-10-24]
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-10-24]
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install [2009-10-24]
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE [2009-10-24]
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2009-10-24]
    O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe [2009-10-24]
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-10-24]
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-10-24]
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-10-24]
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-10-24]
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-10-24]
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll [2009-10-24]
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll [2009-10-24]
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe [2009-10-24]
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-10-24]
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-10-24]
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe [2009-10-24]
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-10-24]
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [2009-10-24]
  5. When all entries have been checked...press the "Restore"...button to the right.
  6. When the restore is done...Press the "Back"...button.
  7. Press the "Scan"..button. When the scan is completed
  8. Press the "Save log" ...button. Save logfile to your desktop.
  9. A Notepad window will open, with a copy of the "hijackthis.log".
Please copy/paste the contents of the hijackthis.log file in your next reply.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
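The restore list above is long, and before ticking forty-odd boxes a helper usually wants to see at a glance which entries point at a real file, which are orphaned registry references like the O2 BHO with "(no file)", and which run an unqualified executable name such as "nwiz.exe /install" that Windows resolves through the search path at logon. The following parser is an added example written for this page, not part of the post and not a tool from HijackThis or MalwareRemoval.com; it assumes the "Xn - body [date]" line format shown in the post, and its sample input is a constructed subset of the post's own entries. Entry, parse_log and triage are names chosen here.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the entries the post
# above asks to restore, in HijackThis 2.0.2 backup-list format.
SAMPLE_LOG = r"""
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-10-24]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl [2009-10-24]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-10-24]
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install [2009-10-24]
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-10-24]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [2009-10-24]
"""

# "O2 - <body> [2009-10-24]": section code, entry text, optional backup date.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{0,2}) - (?P<body>.+?)(?: \[(?P<date>\d{4}-\d{2}-\d{2})\])?\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A command line that starts with a bare file name rather than a drive or a quote.
BARE_EXE_RE = re.compile(r"^[\w.~-]+\.(?:exe|dll)\b", re.IGNORECASE)


@dataclass
class Entry:
    kind: str             # HijackThis section, e.g. R0, O2, O4, O23
    body: str             # text after "Xn - " with the trailing backup date removed
    date: Optional[str]   # date HijackThis appends to entries in its backup list
    clsid: Optional[str]  # first {GUID} in the entry, if any
    target: str           # file, command line or URL the entry points at


def _target(kind: str, body: str) -> str:
    # R0/R1: "HKLM\...,Start Page = http://..."  -> value right of " = "
    if kind.startswith("R") and " = " in body:
        return body.split(" = ", 1)[1].strip()
    # O4: "HKLM\..\Run: [name] command"  -> command; "Startup: x.lnk = path" -> path
    if kind == "O4":
        if "] " in body:
            return body.split("] ", 1)[1].strip()
        if " = " in body:
            return body.split(" = ", 1)[1].strip()
    # O2/O3/O9/O18/O23: "name - {CLSID} - C:\path\file.dll" -> last " - " segment
    return body.rsplit(" - ", 1)[-1].strip()


def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body, date = m.group("kind"), m.group("body"), m.group("date")
    c = CLSID_RE.search(body)
    return Entry(kind, body, date, c.group(0) if c else None, _target(kind, body))


def parse_log(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        e = parse_entry(line)
        if e is not None:
            entries.append(e)
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (flag, kind, target) for every entry worth a second look."""
    findings = []
    for e in entries:
        t = e.target
        if t == "(no file)":
            flag = "orphan"        # registry still points at a file that is gone
        elif "~" in t:
            flag = "short-name"    # 8.3 path; expand it before judging the binary
        elif BARE_EXE_RE.match(t):
            flag = "unqualified"   # no directory: resolved via the search path at logon
        elif t.lower().startswith(("http://", "https://")):
            flag = "url"           # browser setting, not a binary
        else:
            continue               # fully qualified path: nothing to flag here
        findings.append((flag, e.kind, t))
    return findings


if __name__ == "__main__":
    for flag, kind, target in triage(parse_log(SAMPLE_LOG)):
        print(f"{flag:12} {kind:4} {target}")
```

The flags are prompts for a human, not verdicts: a fully qualified path to a signed vendor DLL is restored without a second thought, an orphan is simply left deleted, and an unqualified name or 8.3 path is checked against the file on disk before it goes back into the Run key.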

Re: need major help

Unread postby jayhovah » November 2nd, 2009, 4:52 pm

Well, an example would be: I just looked up Call of Duty Modern Warfare 2 and the first link I selected sent me to a website for CBOE talking about some Equity Option Strategies. I clicked on back and tried my website again, and it took me to a computer scan screen that kept asking me to install some security antivirus on my PC. It wouldn't let me close the window, so I had to go to Task Manager and stop it. On the third try it took me to a site called "surfing for cash"? The 4th time it finally took me to the website that I picked.
jayhovah
Regular Member
 
Posts: 22
Joined: October 24th, 2009, 4:59 pm

Re: need major help

Unread postby peku006 » November 2nd, 2009, 5:24 pm

Hi jayhovah

Please download GooredFix.exe...by jpshortstuff.
Save it to your desktop... Alternate Site.
  • Ensure all Firefox windows are closed.
  • Double-click GooredFix.exe to run it.
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log file will open... named "GooredFix.txt".
  • Please copy and paste the contents of the GooredFix.txt file in your next reply.

Thanks peku006
peku006
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway