Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Random pop-ups......anti-vir constantly blocking somthing..

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Random pop-ups......anti-vir constantly blocking somthing..

Unread postby level18barbarian » February 9th, 2010, 3:08 pm

getting blasted with pop-ups. mostly when using pandora radio...constant redirects and as in the subject AntiVir is constantly blocking one think or another. HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:07 AM, on 2/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
H:\WINDOWS\ehome\ehtray.exe
H:\Program Files\Creative\ShareDLL\CtNotify.exe
H:\WINDOWS\system32\RunDll32.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Creative\ShareDLL\MediaDet.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\CTsvcCDA.exe
H:\WINDOWS\eHome\ehRecvr.exe
H:\WINDOWS\eHome\ehSched.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\MsPMSPSv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\eHome\ehmsas.exe
H:\WINDOWS\system32\dllhost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Java\jre6\bin\jucheck.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
H:\Program Files\LimeWire\LimeWire.exe
H:\Documents and Settings\chris manley\Application Data\SystemProc\lsass.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id%language
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80103
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80103
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80103
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80103
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {04344831-1C91-456F-AD75-ED9628A24227} - H:\WINDOWS\System32\d3d832.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: adsoftinc - {a827e29e-c025-a5b8-6027-523a4456fc88} - H:\WINDOWS\system32\nsm9.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] H:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Disc Detector] H:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] H:\Program Files\Creative\SBExtigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] H:\Documents and Settings\chris manley\Application Data\SystemProc\lsass.exe
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O20 - AppInit_DLLs: H:\WINDOWS\System32\bdco1ins32.dll
O20 - Winlogon Notify: a43db07f783 - H:\WINDOWS\System32\bdco1ins32.dll
O20 - Winlogon Notify: __c008717 - H:\WINDOWS\system32\__c008717.dat
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c988b7520d0ef0) (gupdate1c988b7520d0ef0) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7858 bytes
==========================
==========================
uninstall_list:
5Spice Analysis 1.60
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Athlon 64 Processor Driver
Avira AntiVir Premium
BioShock
Bonjour
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Collab
Contextual Platform Adsoftinc
DAOC-Charplan
Dark Age of Camelot
DivX Codec
DivX Converter
DivX Player
DivX Web Player
EVGA Display Driver
FL Studio 8
Google Chrome
Google Earth
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
IL Download Manager
iTunes
J2SE Runtime Environment 5.0 Update 14
Java(TM) 6 Update 11
Java(TM) 6 Update 7
LimeWire 5.2.13
Line 6 Uninstaller
Live 5.2.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2000 Premium
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.17)
Nero Suite
NVIDIA Drivers
NVIDIA PhysX v8.09.04
PoiZone
Power Tab Editor 1.7
QuickTime
Realtek AC'97 Audio
RON Tool Adsoftinc
SecondLife (remove only)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB976325)
Sound Blaster Extigy
Star Wars Empire at War
Star Wars JK II Jedi Outcast
Star Wars Knights of the Old Republic
Toxic Biohazard
Unreal Tournament
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Variax Workbench (remove only)
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm
Advertisement
Register to Remove

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby MWR 3 day Mod » February 13th, 2010, 1:03 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby deltalima » February 17th, 2010, 6:27 am

Hi level18barbarian,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby deltalima » February 17th, 2010, 7:05 am

Hi level18barbarian,

Use of P2P (Peer to Peer) file sharing programs

I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 5.2.13

Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them. Please remove it before we can continue any further. Post back when you have done it so we can continue the cleaning process.

NOTE: Even if you are using a safe P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

CKScanner:

  • Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on the your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Please post CKFiles.txt along with a new HijackThis log and uninstall list in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby level18barbarian » February 17th, 2010, 1:57 pm

i think i got rid of it......and thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:56 AM, on 3/7/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
H:\WINDOWS\ehome\ehtray.exe
H:\Program Files\Creative\ShareDLL\CtNotify.exe
H:\WINDOWS\system32\RunDll32.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Creative\ShareDLL\MediaDet.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\CTsvcCDA.exe
H:\WINDOWS\eHome\ehRecvr.exe
H:\WINDOWS\eHome\ehSched.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\MsPMSPSv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\eHome\ehmsas.exe
H:\WINDOWS\system32\dllhost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Java\jre6\bin\jucheck.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... p=aus&qkw=%s&tbid=%tb_id%language
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80103
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80103
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80103
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80103
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {04344831-1C91-456F-AD75-ED9628A24227} - H:\WINDOWS\System32\dot3dlg32.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: adsoftinc - {a827e29e-c025-a5b8-6027-523a4456fc88} - H:\WINDOWS\system32\nsm9.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] H:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Disc Detector] H:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] H:\Program Files\Creative\SBExtigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] H:\DOCUME~1\CHRISM~1\LOCALS~1\Temp\6.tmp
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O20 - AppInit_DLLs: H:\WINDOWS\System32\bdco1ins32.dll
O20 - Winlogon Notify: a43db07f783 - H:\WINDOWS\System32\bdco1ins32.dll
O20 - Winlogon Notify: __c00F92D0 - H:\WINDOWS\system32\__c00F92D0.dat
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c988b7520d0ef0) (gupdate1c988b7520d0ef0) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7674 bytes
==================================================

5Spice Analysis 1.60
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Stock Photos 1.0
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Athlon 64 Processor Driver
Avira AntiVir Premium
BioShock
Bonjour
Call of Duty(R) - World at War(TM)
Call of Duty(R) - World at War(TM) 1.1 Patch
Collab
Contextual Platform Adsoftinc
DAOC-Charplan
Dark Age of Camelot
DivX Codec
DivX Converter
DivX Player
DivX Web Player
EVGA Display Driver
FL Studio 8
Google Chrome
Google Earth
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
IL Download Manager
iTunes
J2SE Runtime Environment 5.0 Update 14
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Line 6 Uninstaller
Live 5.2.2
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2000 Premium
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.17)
Nero Suite
NVIDIA Drivers
NVIDIA PhysX v8.09.04
PoiZone
Power Tab Editor 1.7
QuickTime
Realtek AC'97 Audio
RON Tool Adsoftinc
SecondLife (remove only)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sound Blaster Extigy
Star Wars Empire at War
Star Wars JK II Jedi Outcast
Star Wars Knights of the Old Republic
Toxic Biohazard
Unreal Tournament
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Variax Workbench (remove only)
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby level18barbarian » February 17th, 2010, 2:09 pm

ooops, forgot this one:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\acid\sony.acid.music.studio.v5.0.incl.keygen.for.www.torrent-base.dl.am.rar
c:\backup_011106\d_drive\diablo ii\diablo2updatev1.09dcrackdbc.zip
c:\backup_011106\d_drive\mythic\atlantis\effects\alb_ecrack1_hit.nif
c:\backup_011106\d_drive\mythic\atlantis\effects\crackles1.dds
c:\backup_011106\d_drive\mythic\atlantis\effects\lavapool_crackle_erupt.nif
c:\backup_011106\d_drive\mythic\atlantis\effects\lavapuddle_crackle.nif
c:\backup_011106\d_drive\mythic\atlantis\zones\dnifs\bd1oldwcrack2.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\dnifs\bd1oldwcrack3.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\dnifs\bd1oldwcracked.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\dnifs\oceanusglasscrack.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\barnaclecrack_detail.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\crackeddetail.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\cracks.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\cracksdetaila.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\cracksdetailb.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\cracksdetailc.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\cracks_.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\fomortowercrack.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\hwallcrack.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\hwallcracktan.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\impact_crack.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\meteor_crack.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\meteor_crack_a.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\orange_lrg_brickcracked.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\orange_wall_basebcracks.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\nifs\test_crackrock.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\terraintex\atcrackdrt1.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\terraintex\crackedmuddy.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\terraintex\crackedmuddy2.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\terraintex\crackedsand.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\terraintex\h_rock_cracked.dds
c:\backup_011106\d_drive\mythic\atlantis\zones\terraintex\v_ground_cracked.dds
c:\backup_011106\d_drive\mythic\camelot\effects\alb_ecrack1_hit.nif
c:\backup_011106\d_drive\mythic\camelot\zones\dnifs\bd1oldwcrack2.tga
c:\backup_011106\d_drive\mythic\camelot\zones\dnifs\bd1oldwcrack3.tga
c:\backup_011106\d_drive\mythic\camelot\zones\dnifs\bd1oldwcracked.tga
c:\backup_011106\d_drive\mythic\camelot\zones\nifs\hwallcrack.tga
c:\backup_011106\d_drive\mythic\camelot\zones\nifs\hwallcracktan.tga
c:\backup_011106\d_drive\mythic\isles\effects\alb_ecrack1_hit.nif
c:\backup_011106\d_drive\mythic\isles\effects\crackles1.dds
c:\backup_011106\d_drive\mythic\isles\zones\dnifs\bd1oldwcrack2.dds
c:\backup_011106\d_drive\mythic\isles\zones\dnifs\bd1oldwcrack3.dds
c:\backup_011106\d_drive\mythic\isles\zones\dnifs\bd1oldwcracked.dds
c:\backup_011106\d_drive\mythic\isles\zones\dnifs\fomortowercrack.dds
c:\backup_011106\d_drive\mythic\isles\zones\nifs\crackeddetail.dds
c:\backup_011106\d_drive\mythic\isles\zones\nifs\fomortowercrack.dds
c:\backup_011106\d_drive\mythic\isles\zones\nifs\hwallcrack.dds
c:\backup_011106\d_drive\mythic\isles\zones\nifs\hwallcracktan.dds
c:\backup_011106\d_drive\mythic\isles\zones\nifs\impact_crack.dds
c:\backup_011106\d_drive\mythic\isles\zones\nifs\meteor_crack.dds
c:\backup_011106\d_drive\mythic\isles\zones\nifs\meteor_crack_a.dds
c:\battlefield1942\battlefield_1942_keygen_by_nkrhc\about.txt
c:\games\atlantis\effects\alb_ecrack1_hit.nif
c:\games\atlantis\effects\crackles1.dds
c:\games\atlantis\effects\lavapool_crackle_erupt.nif
c:\games\atlantis\effects\lavapuddle_crackle.nif
c:\games\atlantis\items\dragon_egg_cracks.dds
c:\games\atlantis\items\egg_dragon_a_cracked.nif
c:\games\atlantis\items\egg_dragon_h_cracked.nif
c:\games\atlantis\items\egg_dragon_m_cracked.nif
c:\games\atlantis\zones\dnifs\bd1oldwcrack2.dds
c:\games\atlantis\zones\dnifs\bd1oldwcrack3.dds
c:\games\atlantis\zones\dnifs\bd1oldwcracked.dds
c:\games\atlantis\zones\dnifs\oceanusglasscrack.dds
c:\games\atlantis\zones\nifs\barnaclecrack_detail.dds
c:\games\atlantis\zones\nifs\crackeddetail.dds
c:\games\atlantis\zones\nifs\cracks.dds
c:\games\atlantis\zones\nifs\cracksdetaila.dds
c:\games\atlantis\zones\nifs\cracksdetailb.dds
c:\games\atlantis\zones\nifs\cracksdetailc.dds
c:\games\atlantis\zones\nifs\cracks_.dds
c:\games\atlantis\zones\nifs\fomortowercrack.dds
c:\games\atlantis\zones\nifs\hwallcrack.dds
c:\games\atlantis\zones\nifs\hwallcracktan.dds
c:\games\atlantis\zones\nifs\impact_crack.dds
c:\games\atlantis\zones\nifs\meteor_crack.dds
c:\games\atlantis\zones\nifs\meteor_crack_a.dds
c:\games\atlantis\zones\nifs\orange_lrg_brickcracked.dds
c:\games\atlantis\zones\nifs\orange_wall_basebcracks.dds
c:\games\atlantis\zones\nifs\test_crackrock.dds
c:\games\atlantis\zones\terraintex\atcrackdrt1.dds
c:\games\atlantis\zones\terraintex\crackedmuddy.dds
c:\games\atlantis\zones\terraintex\crackedmuddy2.dds
c:\games\atlantis\zones\terraintex\crackedsand.dds
c:\games\atlantis\zones\terraintex\h_rock_cracked.dds
c:\games\atlantis\zones\terraintex\v_ground_cracked.dds
c:\games\catacombs\effects\alb_ecrack1_hit.nif
c:\games\catacombs\effects\crackles1.dds
c:\games\catacombs\effects\lavapool_crackle_erupt.nif
c:\games\catacombs\effects\lavapuddle_crackle.nif
c:\games\catacombs\zones\dnifs\bd1oldwcrack2.dds
c:\games\catacombs\zones\dnifs\bd1oldwcrack3.dds
c:\games\catacombs\zones\dnifs\bd1oldwcracked.dds
c:\games\catacombs\zones\dnifs\oceanusglasscrack.dds
c:\games\catacombs\zones\nifs\barnaclecrack_detail.dds
c:\games\catacombs\zones\nifs\crackeddetail.dds
c:\games\catacombs\zones\nifs\cracks.dds
c:\games\catacombs\zones\nifs\cracksdetaila.dds
c:\games\catacombs\zones\nifs\cracksdetailb.dds
c:\games\catacombs\zones\nifs\cracksdetailc.dds
c:\games\catacombs\zones\nifs\cracks_.dds
c:\games\catacombs\zones\nifs\fomortowercrack.dds
c:\games\catacombs\zones\nifs\hwallcrack.dds
c:\games\catacombs\zones\nifs\hwallcracktan.dds
c:\games\catacombs\zones\nifs\impact_crack.dds
c:\games\catacombs\zones\nifs\meteor_crack.dds
c:\games\catacombs\zones\nifs\meteor_crack_a.dds
c:\games\catacombs\zones\nifs\orange_lrg_brickcracked.dds
c:\games\catacombs\zones\nifs\orange_wall_basebcracks.dds
c:\games\catacombs\zones\nifs\test_crackrock.dds
c:\games\catacombs\zones\terraintex\atcrackdrt1.dds
c:\games\catacombs\zones\terraintex\crackedmuddy.dds
c:\games\catacombs\zones\terraintex\crackedmuddy2.dds
c:\games\catacombs\zones\terraintex\crackedsand.dds
c:\games\catacombs\zones\terraintex\h_rock_cracked.dds
c:\games\catacombs\zones\terraintex\v_ground_cracked.dds
c:\games\combat flight simulator 3\crack\cfs3.exe
c:\games\tron 2.0\newcracks\tron 2.0 serial key.txt
c:\muzak\adobe photoshop cs4 extended (keygen included).torrent
c:\mythic\darkness\effects\alb_ecrack1_hit.nif
c:\mythic\darkness\effects\crackles1.dds
c:\mythic\darkness\effects\lavapool_crackle_erupt.nif
c:\mythic\darkness\effects\lavapuddle_crackle.nif
c:\mythic\darkness\items\dragon_egg_cracks.dds
c:\mythic\darkness\items\egg_dragon_a_cracked.nif
c:\mythic\darkness\items\egg_dragon_h_cracked.nif
c:\mythic\darkness\items\egg_dragon_m_cracked.nif
c:\mythic\darkness\newtowns\zones\nifs\a_cracksdetailb.dds
c:\mythic\darkness\newtowns\zones\nifs\a_floorcrack.dds
c:\mythic\darkness\newtowns\zones\nifs\a_floorcrack_dk.dds
c:\mythic\darkness\zones\dnifs\alb_demonhall_walllavacrack.dds
c:\mythic\darkness\zones\dnifs\alb_demonhall_walllavacrack_glow.dds
c:\mythic\darkness\zones\dnifs\bd1oldwcrack2.dds
c:\mythic\darkness\zones\dnifs\bd1oldwcrack3.dds
c:\mythic\darkness\zones\dnifs\bd1oldwcracked.dds
c:\mythic\darkness\zones\dnifs\cracks_detail.dds
c:\mythic\darkness\zones\dnifs\df_crackglow.dds
c:\mythic\darkness\zones\dnifs\oceanusglasscrack.dds
c:\mythic\darkness\zones\nifs\a_cracksdetailb.dds
c:\mythic\darkness\zones\nifs\a_floorcrack.dds
c:\mythic\darkness\zones\nifs\a_floorcrack_dk.dds
c:\mythic\darkness\zones\nifs\barnaclecrack_detail.dds
c:\mythic\darkness\zones\nifs\crackeddetail.dds
c:\mythic\darkness\zones\nifs\cracks.dds
c:\mythic\darkness\zones\nifs\cracksdetaila.dds
c:\mythic\darkness\zones\nifs\cracksdetailb.dds
c:\mythic\darkness\zones\nifs\cracksdetailc.dds
c:\mythic\darkness\zones\nifs\cracks_.dds
c:\mythic\darkness\zones\nifs\fomortowercrack.dds
c:\mythic\darkness\zones\nifs\hwallcrack.dds
c:\mythic\darkness\zones\nifs\hwallcracktan.dds
c:\mythic\darkness\zones\nifs\impact_crack.dds
c:\mythic\darkness\zones\nifs\meteor_crack.dds
c:\mythic\darkness\zones\nifs\meteor_crack_a.dds
c:\mythic\darkness\zones\nifs\orange_lrg_brickcracked.dds
c:\mythic\darkness\zones\nifs\orange_wall_basebcracks.dds
c:\mythic\darkness\zones\nifs\test_crackrock.dds
c:\mythic\darkness\zones\terraintex\atcrackdrt1.dds
c:\mythic\darkness\zones\terraintex\crackedmuddy.dds
c:\mythic\darkness\zones\terraintex\crackedmuddy2.dds
c:\mythic\darkness\zones\terraintex\crackedsand.dds
c:\mythic\darkness\zones\terraintex\h_rock_cracked.dds
c:\mythic\darkness\zones\terraintex\v_ground_cracked.dds
c:\mythic\darkness\zones\zone026\nifs\a_floorcrack_dk.dds
c:\mythic\labyrinth\effects\alb_ecrack1_hit.nif
c:\mythic\labyrinth\effects\crackles1.dds
c:\mythic\labyrinth\effects\lavapool_crackle_erupt.nif
c:\mythic\labyrinth\effects\lavapuddle_crackle.nif
c:\mythic\labyrinth\items\dragon_egg_cracks.dds
c:\mythic\labyrinth\items\egg_dragon_a_cracked.nif
c:\mythic\labyrinth\items\egg_dragon_h_cracked.nif
c:\mythic\labyrinth\items\egg_dragon_m_cracked.nif
c:\mythic\labyrinth\newtowns\zones\nifs\a_cracksdetailb.dds
c:\mythic\labyrinth\newtowns\zones\nifs\a_floorcrack.dds
c:\mythic\labyrinth\newtowns\zones\nifs\a_floorcrack_dk.dds
c:\mythic\labyrinth\zones\dnifs\alb_demonhall_walllavacrack.dds
c:\mythic\labyrinth\zones\dnifs\alb_demonhall_walllavacrack_glow.dds
c:\mythic\labyrinth\zones\dnifs\bd1oldwcrack2.dds
c:\mythic\labyrinth\zones\dnifs\bd1oldwcrack3.dds
c:\mythic\labyrinth\zones\dnifs\bd1oldwcracked.dds
c:\mythic\labyrinth\zones\dnifs\cracks_detail.dds
c:\mythic\labyrinth\zones\dnifs\df_crackglow.dds
c:\mythic\labyrinth\zones\dnifs\oceanusglasscrack.dds
c:\mythic\labyrinth\zones\nifs\a_cracksdetailb.dds
c:\mythic\labyrinth\zones\nifs\a_floorcrack.dds
c:\mythic\labyrinth\zones\nifs\a_floorcrack_dk.dds
c:\mythic\labyrinth\zones\nifs\barnaclecrack_detail.dds
c:\mythic\labyrinth\zones\nifs\crackeddetail.dds
c:\mythic\labyrinth\zones\nifs\cracks.dds
c:\mythic\labyrinth\zones\nifs\cracksdetaila.dds
c:\mythic\labyrinth\zones\nifs\cracksdetailb.dds
c:\mythic\labyrinth\zones\nifs\cracksdetailc.dds
c:\mythic\labyrinth\zones\nifs\cracks_.dds
c:\mythic\labyrinth\zones\nifs\fomortowercrack.dds
c:\mythic\labyrinth\zones\nifs\hwallcrack.dds
c:\mythic\labyrinth\zones\nifs\hwallcracktan.dds
c:\mythic\labyrinth\zones\nifs\impact_crack.dds
c:\mythic\labyrinth\zones\nifs\meteor_crack.dds
c:\mythic\labyrinth\zones\nifs\meteor_crack_a.dds
c:\mythic\labyrinth\zones\nifs\orange_lrg_brickcracked.dds
c:\mythic\labyrinth\zones\nifs\orange_wall_basebcracks.dds
c:\mythic\labyrinth\zones\nifs\test_crackrock.dds
c:\mythic\labyrinth\zones\terraintex\atcrackdrt1.dds
c:\mythic\labyrinth\zones\terraintex\crackedmuddy.dds
c:\mythic\labyrinth\zones\terraintex\crackedmuddy2.dds
c:\mythic\labyrinth\zones\terraintex\crackedsand.dds
c:\mythic\labyrinth\zones\terraintex\h_rock_cracked.dds
c:\mythic\labyrinth\zones\terraintex\v_ground_cracked.dds
c:\mythic\labyrinth\zones\zone026\nifs\a_floorcrack_dk.dds
c:\spellcrafting-3.0\itemdb\albion\2hwep\crackling_ebony_sunderer_2hwep.xml
c:\spellcrafting-3.0\itemdb\albion\2hwep\rock_cracker_2hwep.xml
c:\spellcrafting-3.0\itemdb\albion\2hwep\skullcracker_2hwep.xml
c:\spellcrafting-3.0\itemdb\albion\lhwep\cracked_maintenance_hatch_lhwep.xml
c:\spellcrafting-3.0\itemdb\albion\ring\cracked_gear_ring.xml
c:\spellcrafting-3.0\itemdb\albion\wep\crackling_impaler_wep.xml
c:\spellcrafting-3.0\itemdb\hibernia\2hwep\giant_femur_cracker_2hwep.xml
c:\spellcrafting-3.0\itemdb\hibernia\bracer\cracked_earth_bracer_bracer.xml
c:\spellcrafting-3.0\itemdb\hibernia\cloak\ancient_cracked_stag's_hide_cloak.xml
c:\spellcrafting-3.0\itemdb\hibernia\cloak\ancient_cracked_stag_hide_cloak.xml
c:\spellcrafting-3.0\itemdb\hibernia\hands\shadowwalker_cracked_stag_hide_gloves_hands.xml
c:\spellcrafting-3.0\itemdb\midgard\helm\crackling_ebon_coif_helm.xml
c:\spellcrafting-3.0\itemdb\midgard\wep\eiorharn's_skull_cracker_wep.xml
c:\spellcrafting-3.0\items\albion\2hwep\crackling_ebony_sunderer_2hwep.xml
c:\spellcrafting-3.0\items\albion\2hwep\rock_cracker_2hwep.xml
c:\spellcrafting-3.0\items\albion\2hwep\skullcracker_2hwep.xml
c:\spellcrafting-3.0\items\albion\lhwep\cracked_maintenance_hatch_lhwep.xml
c:\spellcrafting-3.0\items\albion\ring\cracked_gear_ring.xml
c:\spellcrafting-3.0\items\albion\wep\crackling_impaler_wep.xml
c:\spellcrafting-3.0\items\hibernia\2hwep\giant_femur_cracker_2hwep.xml
c:\spellcrafting-3.0\items\hibernia\bracer\cracked_earth_bracer_bracer.xml
c:\spellcrafting-3.0\items\hibernia\cloak\ancient_cracked_stag's_hide_cloak.xml
c:\spellcrafting-3.0\items\hibernia\cloak\ancient_cracked_stag_hide_cloak.xml
c:\spellcrafting-3.0\items\hibernia\hands\shadowwalker_cracked_stag_hide_gloves_hands.xml
c:\spellcrafting-3.0\items\midgard\helm\crackling_ebon_coif_helm.xml
c:\spellcrafting-3.0\items\midgard\wep\eiorharn's_skull_cracker_wep.xml
c:\yarg!!\adobe acrobat 6.0 professional\adobe acrobat 6.0 professional keygen.exe
scanner sequence 3.ZZ.11
----- EOF -----
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby deltalima » February 17th, 2010, 4:09 pm

Hi level18barbarian,

Cracked/Keygen related software detected!!!

While going through your logs I found out that you have downloaded various keygen/cracked software.

Our forum policy Here says we will not help people who use cracked or pirated software.
You likely got infected by using cracked software or visiting crack sites.
Hence, i would like you to remove all the crack/keygen applications that are present on your system

NOTE: If you give me advice that the software/Keygens have been removed & I find it has not (the tools we use can & will detect it) then I will have no choice but to have this thread closed.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby level18barbarian » February 19th, 2010, 1:33 am

i got rid of the two keygen files that i found. here are the logs:

OTL logfile created on: 3/8/2010 9:29:09 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = H:\Documents and Settings\chris manley\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive C: | 111.79 Gb Total Space | 3.59 Gb Free Space | 3.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 4.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 127.99 Gb Total Space | 77.25 Gb Free Space | 60.35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: MINE
Current User Name: chris manley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - H:\Documents and Settings\chris manley\Desktop\OTL.exe (OldTimer Tools)
PRC - H:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - H:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe (Google Inc.)
PRC - H:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - H:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - H:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - H:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - H:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - H:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (Avira GmbH)
PRC - H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (Avira GmbH)
PRC - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (Avira GmbH)
PRC - H:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe (Avira GmbH)
PRC - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH)
PRC - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (Avira GmbH)
PRC - H:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - H:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - H:\Program Files\Creative\ShareDLL\MEDIADET.EXE (Creative Technology Ltd.)
PRC - H:\Program Files\Creative\ShareDLL\CTNOTIFY.EXE (Creative Technology Ltd.)
PRC - H:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)
PRC - H:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Modules (SafeList) ==========

MOD - H:\Documents and Settings\chris manley\Desktop\OTL.exe (OldTimer Tools)
MOD - H:\WINDOWS\system32\__c00F92D0.dat ()
MOD - H:\WINDOWS\system32\dsound.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service) -- H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (iPod Service) -- H:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (gusvc) -- H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (gupdate1c988b7520d0ef0) Google Update Service (gupdate1c988b7520d0ef0) -- H:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (Bonjour Service) -- H:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (JavaQuickStarterService) -- H:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (AntiVirMailService) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe (Avira GmbH)
SRV - (AntiVirScheduler) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe (Avira GmbH)
SRV - (NVSvc) -- H:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (antivirwebservice) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE (Avira GmbH)
SRV - (AVEService) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe (Avira GmbH)
SRV - (WMDM PMSP Service) -- H:\WINDOWS\system32\MsPMSPSv.exe (Microsoft Corporation)
SRV - (Creative Service for CDROM Access) -- H:\WINDOWS\system32\CTSVCCDA.EXE (Creative Technology Ltd)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- H:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgio.sys (Avira GmbH)
DRV - (GEARAspiWDM) -- H:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (PxHelp20) -- H:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (nv) -- H:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- H:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Secdrv) -- H:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (ssmdrv) -- H:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (L6DP) -- H:\WINDOWS\system32\drivers\l6dp.sys (Line 6)
DRV - (L6TPortB) -- H:\WINDOWS\system32\drivers\L6TPortB.sys (Line 6)
DRV - (L6PODLV) -- H:\WINDOWS\system32\drivers\L6PODLV.sys (Line 6)
DRV - (GPWADrv) Service for L6 GuitarPort Driver (WDM) -- H:\WINDOWS\system32\drivers\GPWADrv.sys (Line 6)
DRV - (nvnetbus) -- H:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- H:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- H:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- H:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Ptilink) -- H:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (sbext) -- H:\WINDOWS\system32\drivers\sbext.sys (Creative Technology Ltd.)
DRV - (PfModNT) -- H:\WINDOWS\system32\PFMODNT.SYS (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80103
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80103


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 31 48 34 04 91 1C 6F 45 AD 75 ED 96 28 A2 42 27 [binary data]
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 31 48 34 04 91 1C 6F 45 AD 75 ED 96 28 A2 42 27 [binary data]
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 31 48 34 04 91 1C 6F 45 AD 75 ED 96 28 A2 42 27 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 31 48 34 04 91 1C 6F 45 AD 75 ED 96 28 A2 42 27 [binary data]

IE - HKU\S-1-5-21-823518204-651377827-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-823518204-651377827-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 31 48 34 04 91 1C 6F 45 AD 75 ED 96 28 A2 42 27 [binary data]
IE - HKU\S-1-5-21-823518204-651377827-725345543-1003\S-1-5-21-823518204-651377827-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-651377827-725345543-1003\S-1-5-21-823518204-651377827-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yoog Search"
FF - prefs.js..browser.search.defaulturl: "http://www9.yoog.com/search.php?q="
FF - prefs.js..browser.search.selectedEngine: "Yoog Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {9CE11043-9A15-4207-A565-0C94C42D590D}:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}:5.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..keyword.URL: "http://www9.yoog.com/search.php?q="
FF - prefs.js..keyword.defaultURL: "http://www9.yoog.com/search.php?q="

FF - user.js..browser.search.selectedEngine: "Yoog Search"
FF - user.js..keyword.URL: "http://www9.yoog.com/search.php?q="
FF - user.js..keyword.enabled: true
FF - user.js..browser.search.defaultenginename: "Yoog Search"
FF - user.js..browser.search.defaulturl: "http://www9.yoog.com/search.php?q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: H:\Program Files\Mozilla Firefox\components [2010/02/23 18:02:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: H:\Program Files\Mozilla Firefox\plugins [2010/01/06 17:21:18 | 000,000,000 | ---D | M]

[2009/09/01 15:14:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Extensions
[2009/09/01 15:14:04 | 000,000,000 | ---D | M] -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/03/07 09:38:27 | 000,000,000 | ---D | M] -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions
[2008/12/26 22:54:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/08 09:23:03 | 000,000,000 | ---D | M] (XUL Cache) -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}
[2009/07/29 17:23:50 | 000,002,168 | ---- | M] () -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\searchplugins\inbox-search.xml
[2009/02/03 21:31:04 | 000,000,246 | ---- | M] () -- H:\Documents and Settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\searchplugins\Yoog Search.xml
[2010/03/07 09:38:27 | 000,000,000 | ---D | M] -- H:\Program Files\Mozilla Firefox\extensions
[2008/08/23 16:57:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- H:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/02/26 10:03:08 | 000,000,000 | ---D | M] (Firefox security) -- H:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
[2009/10/14 15:54:29 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - H:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {04344831-1C91-456F-AD75-ED9628A24227} - H:\WINDOWS\system32\camocx32.dll ()
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (adsoftinc) - {a827e29e-c025-a5b8-6027-523a4456fc88} - H:\WINDOWS\System32\nsm9.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-823518204-651377827-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [AudCtrl] H:\WINDOWS\System32\AudCtrl.dll ()
O4 - HKLM..\Run: [avgnt] H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Disc Detector] H:\Program Files\Creative\ShareDLL\CTNOTIFY.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [iTunesHelper] H:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Jet Detection] H:\Program Files\Creative\SBExtigy\PROGRAM\ADGJDet.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] H:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] H:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] H:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] H:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] H:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] H:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] H:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - Startup: H:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: H:\Documents and Settings\chris manley\Start Menu\Programs\Startup\Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = H:\DOCUME~1\CHRISM~1\LOCALS~1\Temp\8D.tmp File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = H:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = H:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-651377827-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - File not found
O12 - Plugin for: .spop - H:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-823518204-651377827-725345543-1003\..Trusted Domains: line6.net ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.51.205.100 66.51.206.100
O20 - AppInit_DLLs: (H:\WINDOWS\System32\bdco1ins32.dll) - H:\WINDOWS\system32\bdco1ins32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - H:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\__c00F92D0: DllName - H:\WINDOWS\system32\__c00F92D0.dat - H:\WINDOWS\system32\__c00F92D0.dat ()
O20 - Winlogon\Notify\a43db07f783: DllName - H:\WINDOWS\System32\bdco1ins32.dll - H:\WINDOWS\system32\bdco1ins32.dll ()
O24 - Desktop WallPaper: H:\Documents and Settings\chris manley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: H:\Documents and Settings\chris manley\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/29 01:15:44 | 000,000,000 | ---D | M] - C:\AutoPlay -- [ NTFS ]
O32 - AutoRun File - [2006/09/20 06:48:58 | 000,000,055 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/08 09:25:10 | 000,549,376 | ---- | C] (OldTimer Tools) -- H:\Documents and Settings\chris manley\Desktop\OTL.exe
[2010/03/07 09:25:33 | 000,030,208 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c008F982.dat
[2010/03/05 14:15:37 | 000,031,232 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c00559D6.dat
[2010/03/05 14:04:06 | 000,031,232 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c009DC76.dat
[2010/03/02 16:23:49 | 000,030,208 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c004BABD.dat
[2010/03/02 11:25:22 | 000,031,232 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c00B3094.dat
[2010/03/01 11:24:14 | 000,030,720 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c001A25E.dat
[2010/02/28 17:16:28 | 000,030,720 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c002B110.dat
[2010/02/28 17:07:23 | 000,030,720 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c002BC16.dat
[2010/02/27 16:50:51 | 000,030,208 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c00D3F6.dat
[2010/02/27 16:49:48 | 000,000,000 | ---D | C] -- H:\Documents and Settings\chris manley\Application Data\Avira
[2010/02/27 16:29:00 | 000,031,232 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c00B0F09.dat
[2010/02/27 10:46:31 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- H:\Documents and Settings\chris manley\Desktop\HJTInstall.exe
[2010/02/26 17:18:29 | 000,000,000 | ---D | C] -- H:\WINDOWS\System32\370136856
[2010/02/26 16:22:07 | 000,030,208 | ---- | C] (Mozilla Foundation) -- H:\WINDOWS\System32\__c008717.dat
[2010/02/26 10:03:38 | 000,000,000 | -HSD | C] -- H:\WINDOWS\System32\SysWoW32
[2010/02/26 10:03:10 | 000,000,000 | -HSD | C] -- H:\Documents and Settings\chris manley\Application Data\SystemProc
[2010/02/20 11:44:27 | 000,000,000 | ---D | C] -- H:\Documents and Settings\chris manley\My Documents\Updater
[2010/02/20 10:40:02 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Adobe Systems
[2010/02/20 10:39:55 | 000,000,000 | ---D | C] -- H:\Documents and Settings\chris manley\Local Settings\Application Data\Adobe
[2010/02/20 10:35:40 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Documents\Adobe PDF
[2010/02/20 10:35:10 | 000,000,000 | ---D | C] -- H:\Program Files\Common Files\Adobe Systems Shared
[2010/02/20 10:33:48 | 000,000,000 | ---D | C] -- H:\Documents and Settings\All Users\Application Data\Adobe
[2010/02/20 10:25:33 | 000,000,000 | ---D | C] -- H:\Documents and Settings\chris manley\Desktop\photos
[2009/02/09 04:14:38 | 000,000,000 | ---D | M] -- H:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/02/06 16:02:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/10/11 10:53:01 | 000,000,000 | ---D | M] -- H:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/09/11 16:11:13 | 000,000,000 | ---D | M] -- H:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/08/23 16:29:24 | 000,059,392 | ---- | C] ( ) -- H:\WINDOWS\System32\a3d.dll
[2008/08/23 16:10:58 | 000,000,000 | --SD | M] -- H:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/08/23 16:10:58 | 000,000,000 | ---D | M] -- H:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/08/23 16:08:03 | 000,000,000 | --SD | M] -- H:\Documents and Settings\LocalService\Application Data\Microsoft
[6 H:\WINDOWS\System32\dllcache\*.tmp files -> H:\WINDOWS\System32\dllcache\*.tmp -> ]
[5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[21 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2049/12/31 15:00:02 | 002,975,473 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\chris and dog 014.jpg
[2049/12/31 15:00:00 | 002,849,483 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\chris and dog 015.jpg
[2049/12/31 15:00:00 | 001,961,629 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\chris and dog 013.jpg
[2010/03/08 09:28:13 | 000,002,077 | -HS- | M] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783P.manifest
[2010/03/08 09:28:13 | 000,000,344 | -HS- | M] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783C.manifest
[2010/03/08 09:27:13 | 000,000,817 | ---- | M] () -- H:\WINDOWS\System32\608022655
[2010/03/08 09:26:48 | 000,293,376 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\u09visiu.exe
[2010/03/08 09:25:10 | 000,549,376 | ---- | M] (OldTimer Tools) -- H:\Documents and Settings\chris manley\Desktop\OTL.exe
[2010/03/08 09:15:00 | 000,195,584 | ---- | M] () -- H:\WINDOWS\System32\camocx32.dll
[2010/03/08 08:51:00 | 000,000,886 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/08 05:07:21 | 000,000,868 | ---- | M] () -- H:\WINDOWS\tasks\Google Software Updater.job
[2010/03/08 00:51:00 | 000,000,882 | ---- | M] () -- H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/07 15:38:15 | 000,195,584 | ---- | M] () -- H:\WINDOWS\System32\dbghelp32.dll
[2010/03/07 10:09:24 | 002,621,440 | -H-- | M] () -- H:\Documents and Settings\chris manley\NTUSER.DAT
[2010/03/07 09:57:51 | 000,451,584 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\CKScanner.exe
[2010/03/07 09:29:26 | 000,030,208 | ---- | M] () -- H:\WINDOWS\System32\__c00F92D0.dat
[2010/03/07 09:29:15 | 000,000,071 | ---- | M] () -- H:\WINDOWS\System32\74bdb778
[2010/03/07 09:28:46 | 000,195,584 | ---- | M] () -- H:\WINDOWS\System32\dot3dlg32.dll
[2010/03/07 09:27:35 | 000,193,359 | ---- | M] () -- H:\WINDOWS\System32\nvapps.xml
[2010/03/07 09:27:31 | 000,000,669 | -HS- | M] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783O.manifest
[2010/03/07 09:27:31 | 000,000,011 | -HS- | M] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783S.manifest
[2010/03/07 09:27:31 | 000,000,006 | -H-- | M] () -- H:\WINDOWS\tasks\SA.DAT
[2010/03/07 09:27:30 | 000,013,646 | ---- | M] () -- H:\WINDOWS\System32\wpa.dbl
[2010/03/07 09:27:29 | 000,002,048 | --S- | M] () -- H:\WINDOWS\bootstat.dat
[2010/03/07 09:24:57 | 000,195,584 | ---- | M] () -- H:\WINDOWS\System32\dpus1132.dll
[2010/03/06 14:17:28 | 000,014,359 | ---- | M] () -- H:\WINDOWS\System32\__c00B4F61.exe
[2010/03/06 14:17:26 | 000,031,232 | ---- | M] (Mozilla Foundation) -- H:\WINDOWS\System32\__c00559D6.dat
[2010/03/06 12:55:31 | 000,195,584 | ---- | M] () -- H:\WINDOWS\System32\dskquota32.dll
[2010/03/06 11:53:01 | 000,000,284 | ---- | M] () -- H:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/05 14:14:46 | 000,198,656 | ---- | M] () -- H:\WINDOWS\System32\dgsetup3232.dll
[2010/03/05 14:03:45 | 000,198,656 | ---- | M] () -- H:\WINDOWS\System32\d3dx9_3132.dll
[2010/03/04 16:27:21 | 000,014,359 | ---- | M] () -- H:\WINDOWS\System32\__c00B89F8.exe
[2010/03/04 16:27:20 | 000,030,208 | ---- | M] (Mozilla Foundation) -- H:\WINDOWS\System32\__c004BABD.dat
[2010/03/03 16:25:40 | 000,014,360 | ---- | M] () -- H:\WINDOWS\System32\__c00B9F1C.exe
[2010/03/02 16:23:05 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\compobj32.dll
[2010/03/02 11:08:59 | 000,014,358 | ---- | M] () -- H:\WINDOWS\System32\__c00F915A.exe
[2010/03/02 11:07:52 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\dgsetup32.dll
[2010/03/01 11:24:22 | 000,030,720 | ---- | M] (Mozilla Foundation) -- H:\WINDOWS\System32\__c001A25E.dat
[2010/03/01 11:23:46 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\dmserver32.dll
[2010/03/01 10:59:15 | 000,014,360 | ---- | M] () -- H:\WINDOWS\System32\__c00966E9.exe
[2010/03/01 09:44:10 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\ddeml32.dll
[2010/03/01 03:02:58 | 000,001,355 | ---- | M] () -- H:\WINDOWS\imsins.BAK
[2010/02/28 17:16:37 | 000,030,720 | ---- | M] (Mozilla Foundation) -- H:\WINDOWS\System32\__c002B110.dat
[2010/02/28 17:16:07 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\CmdLineExt32.dll
[2010/02/28 17:06:00 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\avifile32.dll
[2010/02/28 07:20:50 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\dnssd32.dll
[2010/02/28 00:52:22 | 000,030,208 | ---- | M] (Mozilla Foundation) -- H:\WINDOWS\System32\__c00D3F6.dat
[2010/02/27 20:00:20 | 000,014,359 | ---- | M] () -- H:\WINDOWS\System32\__c0023CCA.exe
[2010/02/27 16:49:24 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\dpcdll32.dll
[2010/02/27 16:32:46 | 000,117,360 | ---- | M] () -- H:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/27 10:46:45 | 000,001,766 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\HijackThis.lnk
[2010/02/27 10:46:31 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- H:\Documents and Settings\chris manley\Desktop\HJTInstall.exe
[2010/02/27 10:36:02 | 000,200,192 | ---- | M] () -- H:\WINDOWS\System32\d3d832.dll
[2010/02/26 16:22:20 | 000,014,362 | ---- | M] () -- H:\WINDOWS\System32\__c001E616.exe
[2010/02/26 16:22:15 | 000,030,208 | ---- | M] (Mozilla Foundation) -- H:\WINDOWS\System32\__c008717.dat
[2010/02/26 10:03:23 | 000,203,776 | -HS- | M] () -- H:\WINDOWS\System32\unrar.exe
[2010/02/26 10:03:07 | 000,200,704 | ---- | M] () -- H:\WINDOWS\System32\bitsprx232.dll
[2010/02/26 10:03:06 | 000,129,536 | ---- | M] () -- H:\WINDOWS\System32\bdco1ins32.dll
[2010/02/26 10:02:53 | 000,578,560 | ---- | M] () -- H:\Documents and Settings\chris manley\Desktop\QuickTime_Update_KB673901.exe
[2010/02/26 10:02:41 | 000,019,024 | ---- | M] () -- H:\Documents and Settings\chris manley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/22 18:54:44 | 000,001,947 | ---- | M] () -- H:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/20 21:37:26 | 000,508,970 | ---- | M] () -- H:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/20 21:37:26 | 000,433,126 | ---- | M] () -- H:\WINDOWS\System32\perfh009.dat
[2010/02/20 21:37:26 | 000,067,574 | ---- | M] () -- H:\WINDOWS\System32\perfc009.dat
[2010/02/20 10:35:54 | 000,001,020 | ---- | M] () -- H:\Documents and Settings\chris manley\Start Menu\Programs\Startup\Adobe Gamma.lnk
[6 H:\WINDOWS\System32\dllcache\*.tmp files -> H:\WINDOWS\System32\dllcache\*.tmp -> ]
[5 H:\WINDOWS\*.tmp files -> H:\WINDOWS\*.tmp -> ]
[21 H:\WINDOWS\System32\*.tmp files -> H:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/08 09:26:48 | 000,293,376 | ---- | C] () -- H:\Documents and Settings\chris manley\Desktop\u09visiu.exe
[2010/03/08 09:15:00 | 000,195,584 | ---- | C] () -- H:\WINDOWS\System32\camocx32.dll
[2010/03/07 15:38:15 | 000,195,584 | ---- | C] () -- H:\WINDOWS\System32\dbghelp32.dll
[2010/03/07 09:57:50 | 000,451,584 | ---- | C] () -- H:\Documents and Settings\chris manley\Desktop\CKScanner.exe
[2010/03/07 09:29:19 | 000,030,208 | ---- | C] () -- H:\WINDOWS\System32\__c00F92D0.dat
[2010/03/07 09:28:46 | 000,195,584 | ---- | C] () -- H:\WINDOWS\System32\dot3dlg32.dll
[2010/03/07 09:24:57 | 000,195,584 | ---- | C] () -- H:\WINDOWS\System32\dpus1132.dll
[2010/03/06 14:17:28 | 000,014,359 | ---- | C] () -- H:\WINDOWS\System32\__c00B4F61.exe
[2010/03/06 12:55:31 | 000,195,584 | ---- | C] () -- H:\WINDOWS\System32\dskquota32.dll
[2010/03/05 14:14:46 | 000,198,656 | ---- | C] () -- H:\WINDOWS\System32\dgsetup3232.dll
[2010/03/05 14:03:45 | 000,198,656 | ---- | C] () -- H:\WINDOWS\System32\d3dx9_3132.dll
[2010/03/04 16:27:21 | 000,014,359 | ---- | C] () -- H:\WINDOWS\System32\__c00B89F8.exe
[2010/03/03 16:25:40 | 000,014,360 | ---- | C] () -- H:\WINDOWS\System32\__c00B9F1C.exe
[2010/03/02 16:23:05 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\compobj32.dll
[2010/03/02 11:08:59 | 000,014,358 | ---- | C] () -- H:\WINDOWS\System32\__c00F915A.exe
[2010/03/02 11:07:52 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\dgsetup32.dll
[2010/03/01 11:23:46 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\dmserver32.dll
[2010/03/01 10:59:15 | 000,014,360 | ---- | C] () -- H:\WINDOWS\System32\__c00966E9.exe
[2010/03/01 09:44:10 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\ddeml32.dll
[2010/02/28 17:16:07 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\CmdLineExt32.dll
[2010/02/28 17:06:00 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\avifile32.dll
[2010/02/28 07:20:50 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\dnssd32.dll
[2010/02/27 20:00:20 | 000,014,359 | ---- | C] () -- H:\WINDOWS\System32\__c0023CCA.exe
[2010/02/27 16:49:24 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\dpcdll32.dll
[2010/02/27 10:46:45 | 000,001,766 | ---- | C] () -- H:\Documents and Settings\chris manley\Desktop\HijackThis.lnk
[2010/02/27 10:36:02 | 000,200,192 | ---- | C] () -- H:\WINDOWS\System32\d3d832.dll
[2010/02/26 16:48:53 | 000,000,071 | ---- | C] () -- H:\WINDOWS\System32\74bdb778
[2010/02/26 16:22:20 | 000,014,362 | ---- | C] () -- H:\WINDOWS\System32\__c001E616.exe
[2010/02/26 10:04:05 | 000,000,817 | ---- | C] () -- H:\WINDOWS\System32\608022655
[2010/02/26 10:03:23 | 000,203,776 | -HS- | C] () -- H:\WINDOWS\System32\unrar.exe
[2010/02/26 10:03:07 | 000,200,704 | ---- | C] () -- H:\WINDOWS\System32\bitsprx232.dll
[2010/02/26 10:03:06 | 000,129,536 | ---- | C] () -- H:\WINDOWS\System32\bdco1ins32.dll
[2010/02/26 10:03:06 | 000,002,077 | -HS- | C] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783P.manifest
[2010/02/26 10:03:06 | 000,000,669 | -HS- | C] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783O.manifest
[2010/02/26 10:03:06 | 000,000,344 | -HS- | C] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783C.manifest
[2010/02/26 10:03:06 | 000,000,011 | -HS- | C] () -- H:\Documents and Settings\chris manley\Application Data\020000002aa849bb783S.manifest
[2010/02/26 10:02:53 | 000,578,560 | ---- | C] () -- H:\Documents and Settings\chris manley\Desktop\QuickTime_Update_KB673901.exe
[2010/02/22 18:54:44 | 000,001,947 | ---- | C] () -- H:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/02/20 10:35:54 | 000,001,020 | ---- | C] () -- H:\Documents and Settings\chris manley\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/01/17 21:32:09 | 000,043,520 | ---- | C] () -- H:\WINDOWS\System32\CmdLineExt03.dll
[2008/12/21 21:31:41 | 000,000,069 | ---- | C] () -- H:\WINDOWS\NeroDigital.ini
[2008/12/07 16:16:55 | 000,000,063 | ---- | C] () -- H:\WINDOWS\mdm.ini
[2008/11/28 23:40:30 | 000,000,376 | ---- | C] () -- H:\WINDOWS\ODBC.INI
[2008/11/21 13:47:52 | 003,596,288 | ---- | C] () -- H:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 13:45:16 | 000,000,416 | ---- | C] () -- H:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 13:45:16 | 000,000,416 | ---- | C] () -- H:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/21 13:44:16 | 000,012,288 | ---- | C] () -- H:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/12 12:33:09 | 000,052,736 | ---- | C] () -- H:\Documents and Settings\chris manley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/23 16:51:49 | 001,703,936 | ---- | C] () -- H:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/23 16:51:49 | 001,486,848 | ---- | C] () -- H:\WINDOWS\System32\nview.dll
[2008/08/23 16:51:49 | 001,019,904 | ---- | C] () -- H:\WINDOWS\System32\nvwimg.dll
[2008/08/23 16:51:49 | 000,466,944 | ---- | C] () -- H:\WINDOWS\System32\nvshell.dll
[2008/08/23 16:51:29 | 000,286,720 | ---- | C] () -- H:\WINDOWS\System32\nvnt4cpl.dll
[2008/08/23 16:51:27 | 000,573,440 | ---- | C] () -- H:\WINDOWS\System32\nvhwvid.dll
[2008/08/23 16:36:24 | 000,000,164 | ---- | C] () -- H:\WINDOWS\avrack.ini
[2008/08/23 16:36:22 | 000,156,672 | ---- | C] () -- H:\WINDOWS\System32\RTLCPAPI.dll
[2008/08/23 16:29:40 | 000,000,231 | ---- | C] () -- H:\WINDOWS\AC3API.INI
[2008/08/23 16:29:24 | 000,047,897 | ---- | C] () -- H:\WINDOWS\System32\AudCtrl.dll
[2008/08/23 16:29:24 | 000,004,501 | ---- | C] () -- H:\WINDOWS\System32\EXTIGY.INI
[2008/08/23 16:29:15 | 000,000,196 | ---- | C] () -- H:\WINDOWS\SBWIN.INI
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- H:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- H:\WINDOWS\System32\physxcudart_20.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- H:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> H:\Documents and Settings\All Users\Application Data\TEMP:7BB5E748
< End of report >


OTL Extras logfile created on: 3/8/2010 9:29:09 AM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = H:\Documents and Settings\chris manley\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): H:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\WINDOWS | %ProgramFiles% = H:\Program Files
Drive C: | 111.79 Gb Total Space | 3.59 Gb Free Space | 3.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 4.24 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 127.99 Gb Total Space | 77.25 Gb Free Space | 60.35% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: MINE
Current User Name: chris manley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- H:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "H:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "H:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "H:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "H:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "H:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "H:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\WINDOWS\system32\dplaysvr.exe" = H:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\age of empires\Copy of Age Of Empires II\age2_x1\age2_x1.exe" = C:\age of empires\Copy of Age Of Empires II\age2_x1\age2_x1.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\age of empires\Copy of Age Of Empires II\empires2.exe" = C:\age of empires\Copy of Age Of Empires II\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Games\Steam\SteamApps\cblip\condition zero\hl.exe" = C:\Games\Steam\SteamApps\cblip\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"H:\Program Files\LimeWire\LimeWire.exe" = H:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"H:\WINDOWS\system32\dpvsetup.exe" = H:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"H:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe" = H:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"H:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe" = H:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) -- (Activision Blizzard, Inc.)
"H:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe" = H:\Program Files\LucasArts\Star Wars JK II Jedi Outcast\GameData\jk2mp.exe:*:Enabled:Star Wars Jedi Knight(TM): Jedi Outcast(TM) -- ()
"H:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" = H:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars(TM): Empire at War(TM) -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Games\Steam\SteamApps\common\unreal tournament\System\UnrealTournament.exe" = C:\Games\Steam\SteamApps\common\unreal tournament\System\UnrealTournament.exe:*:Enabled:Unreal Tournament -- ()
"C:\Games\SecondLife\SLVoice.exe" = C:\Games\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()
"H:\Program Files\Bonjour\mDNSResponder.exe" = H:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"H:\Program Files\iTunes\iTunes.exe" = H:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Games\Call of Duty\CoDMP.exe" = C:\Games\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars Knights of the Old Republic
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0150140}" = J2SE Runtime Environment 5.0 Update 14
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A9E9D61-E4DC-4B18-B866-38D99405706D}" = Sound Blaster Extigy
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E07C2B-2220-4415-87E3-784D5814BC93}" = NVIDIA PhysX v8.09.04
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}" = EVGA Display Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"5Spice Analysis_is1" = 5Spice Analysis 1.60
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AntiVir PersonalEdition Premium" = Avira AntiVir Premium
"ASIO4ALL" = ASIO4ALL
"Collab" = Collab
"cont_adsoftinc" = Contextual Platform Adsoftinc
"DAOCCharplan" = DAOC-Charplan
"Dark Age of Camelot" = Dark Age of Camelot
"FL Studio 8" = FL Studio 8
"gnxlcklsfezcqawr" = RON Tool Adsoftinc
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IL Download Manager" = IL Download Manager
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"Line 6 Uninstaller" = Line 6 Uninstaller
"Live 5.2.2" = Live 5.2.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PoiZone" = PoiZone
"SecondLife" = SecondLife (remove only)
"Steam App 13240" = Unreal Tournament
"Toxic Biohazard" = Toxic Biohazard
"Variax Workbench" = Variax Workbench (remove only)
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-651377827-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DAoC Portal" = DAoC Portal

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/31/2009 6:17:03 AM | Computer Name = MINE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3399, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/22/2009 11:18:57 PM | Computer Name = MINE | Source = Google Update | ID = 20
Description =

Error - 6/23/2009 8:19:07 PM | Computer Name = MINE | Source = Google Update | ID = 20
Description =

Error - 7/3/2009 12:21:51 AM | Computer Name = MINE | Source = Application Error | ID = 1000
Description = Faulting application game.dll, version 0.2.0.0, faulting module game.dll,
version 0.2.0.0, fault address 0x0013c4ff.

Error - 9/3/2009 8:53:05 PM | Computer Name = MINE | Source = Application Error | ID = 1000
Description = Faulting application pteditor.exe, version 1.7.0.80, faulting module
pteditor.exe, version 1.7.0.80, fault address 0x0007d1b3.

Error - 9/6/2009 2:56:00 AM | Computer Name = MINE | Source = Application Error | ID = 1000
Description = Faulting application game.dll, version 0.2.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x00000020.

Error - 9/27/2009 2:26:54 AM | Computer Name = MINE | Source = Application Error | ID = 1000
Description = Faulting application game.dll, version 0.2.0.0, faulting module game.dll,
version 0.2.0.0, fault address 0x002818f3.

Error - 10/28/2009 3:49:28 AM | Computer Name = MINE | Source = Google Update | ID = 20
Description =

Error - 10/28/2009 4:49:29 AM | Computer Name = MINE | Source = Google Update | ID = 20
Description =

Error - 10/28/2009 5:49:30 AM | Computer Name = MINE | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 2/26/2010 3:06:16 PM | Computer Name = MINE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0014852513DD has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/26/2010 3:11:06 PM | Computer Name = MINE | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0014852513DD has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/26/2010 7:17:38 PM | Computer Name = MINE | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -1555173 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.1.100:123->207.46.232.182:123) is working
properly.

Error - 3/1/2010 3:10:23 PM | Computer Name = MINE | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -1555162 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.1.100:123->207.46.232.182:123) is working
properly.

Error - 3/2/2010 3:27:35 PM | Computer Name = MINE | Source = W32Time | ID = 39452706
Description = The time service has detected that the system time needs to be changed
by -1555159 seconds. The time service will not change the system time by more than
-54000 seconds. Verify that your time and time zone are correct, and that the time
source time.windows.com (ntp.m|0x1|192.168.1.100:123->207.46.232.182:123) is working
properly.

Error - 3/2/2010 5:27:46 PM | Computer Name = MINE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/2/2010 5:27:53 PM | Computer Name = MINE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/2/2010 5:28:01 PM | Computer Name = MINE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/2/2010 5:28:08 PM | Computer Name = MINE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 3/2/2010 5:28:16 PM | Computer Name = MINE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.


< End of report >



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-08 21:15:40
Windows 5.1.2600 Service Pack 3
Running: u09visiu.exe; Driver: H:\DOCUME~1\CHRISM~1\LOCALS~1\Temp\pxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT BAF8D0FC ZwCreateThread
SSDT BAF8D0E8 ZwOpenProcess
SSDT BAF8D0ED ZwOpenThread
SSDT BAF8D0F7 ZwTerminateProcess
SSDT BAF8D0F2 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2554 80501D8C 4 Bytes CALL 0B0B1661
.text H:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9683360, 0x32E00D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 10011EC9 H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 10011E53 H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10011D7A H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!bind 71AB4480 5 Bytes JMP 10011D04 H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10011DDD H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 10011E7D H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 10011F17 H:\WINDOWS\System32\bdco1ins32.dll
.text H:\Program Files\Mozilla Firefox\firefox.exe[2388] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10011E12 H:\WINDOWS\System32\bdco1ins32.dll

---- EOF - GMER 1.0.15 ----
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby deltalima » February 19th, 2010, 6:35 am

Hi level18barbarian,

Run Combofix:

Temporarily disable any antispyware, antivirus and or antimalware real-time protection as they may interfere with running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures, if not, then follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once installed, you should see the following message:

The recovery console was successfuly installed.
Click ‘YES’ to continue scanning for malware
Click ‘NO’ for exit

Click the YES button.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.

When finished ComboFix will produce a log file. Please post the contents of this log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby level18barbarian » February 19th, 2010, 2:32 pm

ComboFix 10-02-18.09 - chris manley 03/09/2010 9:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2466 [GMT -8:00]
Running from: h:\documents and settings\chris manley\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\xcrashdump.dat
h:\documents and settings\chris manley\Application Data\020000002aa849bb783C.manifest
h:\documents and settings\chris manley\Application Data\020000002aa849bb783O.manifest
h:\documents and settings\chris manley\Application Data\020000002aa849bb783P.manifest
h:\documents and settings\chris manley\Application Data\020000002aa849bb783S.manifest
h:\documents and settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}
h:\documents and settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}\chrome.manifest
h:\documents and settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}\chrome\xulcache.jar
h:\documents and settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}\defaults\preferences\xulcache.js
h:\documents and settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}\install.rdf
h:\documents and settings\chris manley\Application Data\SystemProc
h:\documents and settings\chris manley\Application Data\SystemProc\lsass.exe
h:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
h:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
h:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
h:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
h:\windows\system32\__c001A25E.dat
h:\windows\system32\__c001E616.exe
h:\windows\system32\__c0023CCA.exe
h:\windows\system32\__c002B110.dat
h:\windows\system32\__c002BC16.dat
h:\windows\system32\__c004BABD.dat
h:\windows\system32\__c00559D6.dat
h:\windows\system32\__c008717.dat
h:\windows\system32\__c008F982.dat
h:\windows\system32\__c00966E9.exe
h:\windows\system32\__c009B194.dat
h:\windows\system32\__c009DC76.dat
h:\windows\system32\__c00A4390.dat
h:\windows\system32\__c00A934E.exe
h:\windows\system32\__c00B0F09.dat
h:\windows\system32\__c00B3094.dat
h:\windows\system32\__c00B4F61.exe
h:\windows\system32\__c00B89F8.exe
h:\windows\system32\__c00B9F1C.exe
h:\windows\system32\__c00D3F6.dat
h:\windows\system32\__c00F915A.exe
h:\windows\system32\__c00F92D0.dat
h:\windows\system32\370136856
h:\windows\system32\45.tmp
h:\windows\system32\avifile32.dll
h:\windows\System32\bdco1ins32.dll
h:\windows\system32\bitsprx232.dll
h:\windows\system32\CAMOCX32.DLL
h:\windows\system32\CmdLineExt32.dll
h:\windows\system32\compatui32.dll
h:\windows\system32\compobj32.dll
h:\windows\system32\d3d832.dll
h:\windows\system32\d3dx9_3132.dll
h:\windows\system32\Data
h:\windows\system32\dbghelp32.dll
h:\windows\system32\ddeml32.dll
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby deltalima » February 19th, 2010, 2:45 pm

Hi level18barbarian,

The Combofix logs looks to be incomplete. Please open the file C:\ComboFix.txt and post the contents in your next reply.

Please also run a new HijackThis scan and post the log back here and let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby level18barbarian » February 19th, 2010, 6:44 pm

i will be out of town till sunday night.....here are the logs.....thanks for the help and have a great weekend :D






ComboFix 10-02-18.09 - chris manley 03/09/2010 9:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2466 [GMT -8:00]
Running from: h:\documents and settings\chris manley\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\xcrashdump.dat
h:\documents and settings\chris manley\Application Data\020000002aa849bb783C.manifest
h:\documents and settings\chris manley\Application Data\020000002aa849bb783O.manifest
h:\documents and settings\chris manley\Application Data\020000002aa849bb783P.manifest
h:\documents and settings\chris manley\Application Data\020000002aa849bb783S.manifest
h:\documents and settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}
h:\documents and settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}\chrome.manifest
h:\documents and settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}\chrome\xulcache.jar
h:\documents and settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}\defaults\preferences\xulcache.js
h:\documents and settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\extensions\{9ddeb52c-42d8-49d2-a819-4d4e8fcfd0c0}\install.rdf
h:\documents and settings\chris manley\Application Data\SystemProc
h:\documents and settings\chris manley\Application Data\SystemProc\lsass.exe
h:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
h:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
h:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
h:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
h:\windows\system32\__c001A25E.dat
h:\windows\system32\__c001E616.exe
h:\windows\system32\__c0023CCA.exe
h:\windows\system32\__c002B110.dat
h:\windows\system32\__c002BC16.dat
h:\windows\system32\__c004BABD.dat
h:\windows\system32\__c00559D6.dat
h:\windows\system32\__c008717.dat
h:\windows\system32\__c008F982.dat
h:\windows\system32\__c00966E9.exe
h:\windows\system32\__c009B194.dat
h:\windows\system32\__c009DC76.dat
h:\windows\system32\__c00A4390.dat
h:\windows\system32\__c00A934E.exe
h:\windows\system32\__c00B0F09.dat
h:\windows\system32\__c00B3094.dat
h:\windows\system32\__c00B4F61.exe
h:\windows\system32\__c00B89F8.exe
h:\windows\system32\__c00B9F1C.exe
h:\windows\system32\__c00D3F6.dat
h:\windows\system32\__c00F915A.exe
h:\windows\system32\__c00F92D0.dat
h:\windows\system32\370136856
h:\windows\system32\45.tmp
h:\windows\system32\avifile32.dll
h:\windows\System32\bdco1ins32.dll
h:\windows\system32\bitsprx232.dll
h:\windows\system32\CAMOCX32.DLL
h:\windows\system32\CmdLineExt32.dll
h:\windows\system32\compatui32.dll
h:\windows\system32\compobj32.dll
h:\windows\system32\d3d832.dll
h:\windows\system32\d3dx9_3132.dll
h:\windows\system32\Data
h:\windows\system32\dbghelp32.dll
h:\windows\system32\ddeml32.dll
h:\windows\system32\DGSETUP32.DLL
h:\windows\system32\dgsetup3232.dll
h:\windows\system32\DMSERVER32.DLL
h:\windows\system32\dnssd32.dll
h:\windows\system32\dot3dlg32.dll
h:\windows\system32\DPCDLL32.DLL
h:\windows\system32\dpus1132.dll
h:\windows\system32\DSDMO32.DLL
h:\windows\system32\dskquota32.dll
h:\windows\system32\SysWoW32
h:\windows\system32\SysWoW32\_u2120739365v0
h:\windows\system32\SysWoW32\_u2120739365v1
h:\windows\system32\SysWoW32\_u2120739365v2
h:\windows\system32\SysWoW32\_u2120739365v3
h:\windows\system32\SysWoW32\wu2120739365v0
h:\windows\system32\SysWoW32\wu2120739365v1
h:\windows\system32\SysWoW32\wu2120739365v2
h:\windows\system32\SysWoW32\wu2120739365v3
h:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-09 to 2010-03-09 )))))))))))))))))))))))))))))))
.

2010-02-28 00:49 . 2010-02-28 00:49 -------- d-----w- h:\documents and settings\chris manley\Application Data\Avira
2010-02-20 18:40 . 2010-02-20 18:40 -------- d-----w- h:\documents and settings\All Users\Application Data\Adobe Systems
2010-02-20 18:39 . 2010-02-20 18:40 -------- d-----w- h:\documents and settings\chris manley\Local Settings\Application Data\Adobe
2010-02-20 18:35 . 2010-02-20 18:35 -------- d-----w- h:\program files\Common Files\Adobe Systems Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 14:08 . 2009-01-04 04:12 -------- d-----w- h:\documents and settings\All Users\Application Data\Google Updater
2010-03-09 05:26 . 2009-11-07 00:22 79488 ----a-w- h:\documents and settings\chris manley\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-08 13:27 . 2010-03-08 13:27 737280 --sha-w- h:\windows\system32\BB.tmp
2010-03-07 14:06 . 2010-03-07 14:06 737280 --sha-w- h:\windows\system32\28.tmp
2010-03-06 18:06 . 2010-03-06 18:06 737280 --sha-w- h:\windows\system32\13.tmp
2010-03-05 09:29 . 2010-03-05 09:29 737280 --sha-w- h:\windows\system32\2A.tmp
2010-03-04 13:29 . 2010-03-04 13:29 737280 --sha-w- h:\windows\system32\27.tmp
2010-03-03 17:29 . 2010-03-03 17:29 737280 --sha-w- h:\windows\system32\25.tmp
2010-03-02 15:09 . 2010-03-02 15:09 738304 --sha-w- h:\windows\system32\B3.tmp
2010-02-28 20:32 . 2010-02-28 20:32 738304 --sha-w- h:\windows\system32\8A.tmp
2010-02-28 00:32 . 2008-10-08 00:11 -------- d-----w- h:\documents and settings\chris manley\Application Data\LimeWire
2010-02-27 18:59 . 2008-12-22 06:24 -------- d-----w- h:\program files\LimeWire
2010-02-27 14:03 . 2010-02-27 14:03 739328 --sha-w- h:\windows\system32\A76.tmp
2010-02-26 18:03 . 2010-02-26 18:03 739328 --sha-w- h:\windows\system32\A27.tmp
2010-02-26 18:02 . 2008-08-24 00:55 19024 ----a-w- h:\documents and settings\chris manley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-23 02:54 . 2009-01-04 04:12 -------- d-----w- h:\program files\Google
2010-02-20 18:35 . 2008-08-24 00:30 -------- d-----w- h:\program files\Common Files\Adobe
2010-01-03 09:32 . 2010-01-03 09:32 5120 ----a-w- h:\documents and settings\chris manley\Application Data\Eden\dolloader.exe
2010-01-03 09:32 . 2010-01-03 09:32 286208 ----a-w- h:\documents and settings\chris manley\Application Data\Eden\EdenDLL.exe
2009-12-31 16:50 . 2004-08-10 12:00 353792 ----a-w- h:\windows\system32\drivers\srv.sys
2009-12-22 05:21 . 2004-08-10 12:00 667136 ----a-w- h:\windows\system32\wininet.dll
2009-12-22 05:20 . 2004-08-10 12:00 81920 ----a-w- h:\windows\system32\ieencode.dll
2009-12-16 18:43 . 2008-08-23 23:55 343040 ----a-w- h:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-10 12:00 33280 ----a-w- h:\windows\system32\csrsrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="h:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="h:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Disc Detector"="h:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-25 191488]
"AudCtrl"="AudCtrl.dll" [2002-03-21 47897]
"UpdReg"="h:\windows\UpdReg.EXE" [2000-05-11 90112]
"CTStartup"="h:\program files\Creative\Splash Screen\CTEaxSpl.EXE" [2001-12-20 28672]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"avgnt"="h:\program files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"NeroFilterCheck"="h:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"QuickTime Task"="h:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"iTunesHelper"="h:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

h:\documents and settings\chris manley\Start Menu\Programs\Startup\
Adobe Gamma.lnk - h:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

h:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - h:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\age of empires\\Copy of Age Of Empires II\\age2_x1\\age2_x1.exe"=
"c:\\age of empires\\Copy of Age Of Empires II\\empires2.exe"=
"c:\\Games\\Steam\\SteamApps\\cblip\\condition zero\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\LimeWire\\LimeWire.exe"=
"h:\\WINDOWS\\system32\\dpvsetup.exe"=
"h:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"h:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"h:\\Program Files\\LucasArts\\Star Wars JK II Jedi Outcast\\GameData\\jk2mp.exe"=
"h:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Games\\Steam\\SteamApps\\common\\unreal tournament\\System\\UnrealTournament.exe"=
"c:\\Games\\SecondLife\\SLVoice.exe"=
"h:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"h:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Games\\Call of Duty\\CoDMP.exe"=

R2 AntiVirMailService;Avira AntiVir Premium MailGuard;h:\program files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [8/25/2008 5:00 PM 164097]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;h:\program files\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe [8/25/2008 5:00 PM 258305]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;h:\program files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [8/25/2008 5:00 PM 41217]
R3 L6DP;L6DP;h:\windows\system32\drivers\l6dp.sys [9/29/2006 8:05 AM 29312]
R3 sbext;Sound Blaster Extigy Audio Driver;h:\windows\system32\drivers\sbext.sys [8/23/2008 4:29 PM 1152916]
S2 gupdate1c988b7520d0ef0;Google Update Service (gupdate1c988b7520d0ef0);h:\program files\Google\Update\GoogleUpdate.exe [2/6/2009 4:02 PM 133104]
S3 GPWADrv;Service for L6 GuitarPort Driver (WDM);h:\windows\system32\drivers\GPWADrv.sys [9/29/2006 8:01 AM 472832]
S3 L6PODLV;PODxt Live Service;h:\windows\system32\drivers\L6PODLV.sys [9/29/2006 8:01 AM 472832]
S3 L6TPortB;Service - Line 6 TonePort UX2;h:\windows\system32\drivers\L6TPortB.sys [9/29/2006 8:01 AM 472832]
.
Contents of the 'Scheduled Tasks' folder

2010-03-06 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-03-09 h:\windows\Tasks\Google Software Updater.job
- h:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-04 21:47]

2010-03-09 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 00:02]

2010-03-09 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 00:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
LSP: avsda.dll
Trusted Zone: line6.net
FF - ProfilePath - h:\documents and settings\chris manley\Application Data\Mozilla\Firefox\Profiles\cfca2ujj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox? ... S:official
FF - prefs.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - plugin: h:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: h:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: h:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www9.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www9.yoog.com/search.php?q=
.
- - - - ORPHANS REMOVED - - - -

BHO-{04344831-1C91-456F-AD75-ED9628A24227} - h:\windows\System32\dsdmo32.dll
BHO-{a827e29e-c025-a5b8-6027-523a4456fc88} - h:\windows\system32\nsm9.dll
HKLM-Run-Jet Detection - h:\program files\Creative\SBExtigy\PROGRAM\ADGJDet.exe
AddRemove-HijackThis - h:\documents and settings\chris manley\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-09 10:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = h:\program files\Creative\ShareDLL\CtNotify.exe?X???????????????????E?@?Disc Detector?A????? ?A?@ ????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A?? ????B???@?????P?????@?? ??????~?B~??????????@?}?????????????????B?????? ??????????????????????????r?B
CTStartup = h:\program files\Creative\Splash Screen\CTEaxSpl.EXE /run???h??????s?????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&3?????\??? ??? ???\???\???????????5?B~e?B~\???\???????X?`??????C@?\???\??????s????\??????s\????&3?A??s?&3??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-651377827-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:df,34,bb,6f,1c,09,e6,24,51,7d,32,48,4f,5f,7a,07,ba,2c,08,cb,93,b8,e5,
4f,28,e5,42,47,74,13,b1,c6,ec,c9,24,9c,a8,94,9b,19,09,79,ca,55,0e,15,9c,98,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(732)
h:\windows\system32\avsda.dll

- - - - - - - > 'explorer.exe'(636)
h:\windows\system32\avsda.dll
h:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
h:\program files\Avira\AntiVir PersonalEdition Premium\sched.exe
h:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
h:\windows\system32\RunDll32.exe
h:\windows\SOUNDMAN.EXE
h:\windows\system32\RUNDLL32.EXE
h:\program files\Creative\ShareDLL\MediaDet.exe
h:\program files\Avira\AntiVir PersonalEdition Premium\avguard.exe
h:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
h:\program files\Bonjour\mDNSResponder.exe
h:\windows\system32\CTsvcCDA.exe
h:\windows\eHome\ehRecvr.exe
h:\windows\eHome\ehSched.exe
h:\program files\Java\jre6\bin\jqs.exe
h:\windows\system32\nvsvc32.exe
h:\windows\system32\MsPMSPSv.exe
h:\program files\iPod\bin\iPodService.exe
h:\windows\system32\dllhost.exe
h:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2010-03-09 10:04:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-09 18:04

Pre-Run: 82,925,019,136 bytes free
Post-Run: 83,758,292,992 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 7522458DE8192436003068965373F079




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:41:03 PM, on 3/9/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
H:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
H:\WINDOWS\ehome\ehtray.exe
H:\Program Files\Creative\ShareDLL\CtNotify.exe
H:\WINDOWS\system32\RunDll32.exe
H:\WINDOWS\SOUNDMAN.EXE
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
H:\Program Files\Java\jre6\bin\jusched.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Creative\ShareDLL\MediaDet.exe
H:\Program Files\iTunes\iTunesHelper.exe
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\CTsvcCDA.exe
H:\WINDOWS\eHome\ehRecvr.exe
H:\WINDOWS\eHome\ehSched.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\MsPMSPSv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
H:\Program Files\iPod\bin\iPodService.exe
H:\WINDOWS\system32\dllhost.exe
H:\WINDOWS\eHome\ehmsas.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\explorer.exe
H:\Program Files\Java\jre6\bin\jucheck.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80103
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80103
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ehTray] H:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Disc Detector] H:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudCtrl] RunDll32 AudCtrl.dll,RCMonitor
O4 - HKLM\..\Run: [UpdReg] H:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] H:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] H:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "H:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "H:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Adobe Gamma.lnk = H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = H:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: H:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.line6.net
O23 - Service: Adobe LM Service - Adobe Systems - H:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bonjour Service - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - H:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Update Service (gupdate1c988b7520d0ef0) (gupdate1c988b7520d0ef0) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - H:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7032 bytes
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby deltalima » February 19th, 2010, 8:27 pm

Hi level18barbarian,

Please run Malwarebytes Antimalware and update it then run a quick scan and post the log back here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby level18barbarian » February 22nd, 2010, 3:29 pm

antivir still blocking like crazy....but the redirects seem to have stopped


Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

3/12/2010 11:24:39 AM
mbam-log-2010-03-12 (11-24-39).txt

Scan type: Quick Scan
Objects scanned: 105337
Time elapsed: 5 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
level18barbarian
Regular Member
 
Posts: 39
Joined: December 10th, 2008, 8:14 pm

Re: Random pop-ups......anti-vir constantly blocking somthing..

Unread postby deltalima » February 22nd, 2010, 3:50 pm

Hi level18barbarian,

antivir still blocking like crazy


Please copy and paste a sample of some recent entries from the antivir log in your next reply.

Run TFC

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with the info from the antivir log
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 73 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware