Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

"Downloaded The Bill103 Virus: The Sequel"

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

"Downloaded The Bill103 Virus: The Sequel"

Unread postby RadicalSatisfaction » March 31st, 2010, 2:48 am

Here is the explanation of the problem as originally posted:

Like some kind of MORON I failed to follow my own advice, clicked a link in Facebook and found Bill103 running as a process in Process Explorer. I killed the process, followed the instructions from some posts I was able to look at from another computer, removed the Bill103 file from registry, deleted all temp. internet files (here is the link if you want exact specifics of what instructions I followed: http://www.wilderssecurity.com/showthread.php?p=1632221 )... I also ran a script with Avenger from another post ( http://www.myantispyware.com/2009/11/22 ... face-worm/ ) to remove all occurrence of Koobace worm. I tried to follow the instructions to run Malwarebyte's Anti-Malware program, & although it did install, it will not update. My AVG Anti-virus will not update either, gives me the message "the update control file is missing ". If that is not enough, Any search or attempt to load web-pages w/Firefox are an exercise in futility... I am continuously redirected to random pages.

Sorry if this is too much info, I just wanted to let you know the specifics.

Here are the new logs requested, in two posts as there are too many characters for one post:

HIJACKTHIS - 03.30.2010:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:10 PM, on 3/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAM FILES\PROCESS EXPLORER V.11.33\PROCEXP V.11.33.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Nuance PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [Nuance OmniPage 17-reminder] "C:\Program Files\Nuance\OmniPage17\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 17\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [PDFHook] C:\Program Files\Nuance\PDF Create 5\pdfcreate5hook.exe
O4 - HKLM\..\Run: [PDF5 Registry Controller] C:\Program Files\Nuance\PDF Create 5\RegistryController.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UPS-Status] C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [OpAgent] "OpAgent.exe" /agent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Directory Opus Desktop Dblclk] "C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe" /dblclk
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - Startup: Directory Opus.lnk = C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: SATARaid.lnk = ?
O4 - Global Startup: True Internet Color Icon.lnk = C:\Program Files\E-Color\True Internet Color\TICIcon.exe
O8 - Extra context menu item: Append the content of the link to existing PDF file - res://C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - res://C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
O8 - Extra context menu item: Append to existing PDF file - res://C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
O8 - Extra context menu item: Create PDF file - res://C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF file from the content of the link - res://C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
O8 - Extra context menu item: Create PDF files from the selected links - res://C:\Program Files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Encarta Search Bar - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ast Service - Nalpeiron Ltd. - C:\WINDOWS\system32\\AstSrv.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2010\RpcAgentSrv.exe
O23 - Service: UPS - UPSentry Service (UPSentry_Smart) - Unknown owner - C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe

--
End of file - 12389 bytes

1st UNINSTALL LIST - 03.30.2010

µTorrent
ACDSee
Adobe Audition 3.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Advertising Center
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ASCOM Platform 4.1
ASUS Features
ASUS Probe V2.19.00
AsusUpdate
Avance AC'97 Audio
AVG Free 9.0
Belkin Bulldog Plus
Brother HL-5040
C-Dilla Licence Management System
CFA's DizNfo
ClassicPro© v1.14
Copernic Agent Professional
Corel Applications
CPUID CPU-Z 1.53.1
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
DFX for Winamp
Diskeeper 2010 Pro Premier
DolbyFiles
Dragon NaturallySpeaking 10
GPSoftware Directory Opus
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Photo Printing Software
HP Precisionscan Pro 3.1
ID3-TagIT 3
Intel Application Accelerator
Java(TM) 6 Update 18
Learning Essentials for Microsoft Office
Lernout & Hauspie TruVoice American English TTS Engine
Libronix Digital Library System
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Math
Microsoft Office 2003 Proofing Tools
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2009
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Morris Proctor Seminars Quick Files for Libronix
Movie Templates - Starter Kit
Mozilla Firefox (3.6.2)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
NetObjects Fusion 5.0
Nuance OmniPage 17
Nuance PDF Create! 5
NVIDIA Drivers
O&O Defrag Professional
Oxford English Dictionary
Quicken 2010
QuickTime
QuickTime
SATARaid
ScanSoft PaperPort 11
Scripture Memory System
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SiSoftware Sandra Professional Business 2010
Snagit 9.1.2
SoundTrax
Spelling Dictionaries Support For Adobe Reader 9
Starry Night Pro Plus 6
System Requirements Lab
TreeSize Professional 5.3.1
True Internet Color
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB973687)
UPS Power Management for Windows 2000
Visual C++ Runtime for Dragon NaturallySpeaking
Voice Editor
WhiteCap
Winamp
Winamp Essentials Pack
Winamp Remote
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
WinRAR archiver
WinZip 14.0
ZENcast Organizer


1st DDS LOG - 03.30.2010


DDS (Ver_10-03-17.01) - NTFSx86
Run by J. Anthony Hansen at 19:13:50.85 on Tue 03/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.688 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\svchost.exe -k tapisrvs
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRAM FILES\PROCESS EXPLORER V.11.33\PROCEXP V.11.33.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\J. Anthony Hansen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = res://c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~1\copern~1\COPERN~1.DLL
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\progra~1\copern~1\COPERN~1.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Copernic Agent Results: {6f480f82-c3a6-4d35-96f7-b297ad49fbe8} - c:\program files\copernic agent\CopernicAgentExt.dll
EB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\progra~1\copern~1\COPERN~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [OpAgent] "OpAgent.exe" /agent
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Directory Opus Desktop Dblclk] "c:\program files\gpsoftware\directory opus\dopusrt.exe" /dblclk
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [IMSCMig] c:\progra~1\common~1\micros~1\ime\imsc40a\IMSCMIG.EXE /Preload
mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync
mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync
mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
mRun: [Nuance OmniPage 17-reminder] "c:\program files\nuance\omnipage17\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 17\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf create 5\pdfcreate5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf create 5\RegistryController.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [UPS-Status] c:\program files\belkin bulldog plus\UPS-Status.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [OODefragTray] c:\program files\oo software\defrag\oodtray.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
StartupFolder: c:\docume~1\j6884~1.ant\startm~1\programs\startup\direct~1.lnk - c:\program files\gpsoftware\directory opus\dopus.exe
StartupFolder: c:\docume~1\j6884~1.ant\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking10\program\natspeak.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sataraid.lnk - c:\program files\silicon image\siisataraid\SATARaid.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\truein~1.lnk - c:\program files\e-color\true internet color\TICIcon.exe
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - c:\program files\gpsoftware\directory opus\dopuslib.dll
IFEO: taskmgr.exe - "c:\program files\process explorer v.11.33\PROCEXP V.11.33.EXE"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\j6884~1.ant\applic~1\mozilla\firefox\profiles\qb9fynsd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [2010-1-27 84529]
R1 apto6ko;BIOS Service PostAgent;c:\windows\system32\drivers\imapioko.sys [2009-4-22 32768]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-16 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-16 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-16 242696]
R2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [2010-1-28 57344]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 cpqoko6;Mass Driver Sentinel Service Call Browser Device Packet;c:\windows\system32\svchost.exe -k tapisrvs [2008-4-14 14336]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-3-10 12672]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-2-3 41120]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business 2010\RpcAgentSrv.exe [2010-2-1 93336]

============== File Associations ===============

scrfile="%1" /S "%3"
.txt=Text

=============== Created Last 30 ================

2010-03-31 02:07:09 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\AVG9
2010-03-18 21:12:24 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-03-14 23:23:19 0 d-----w- c:\program files\Trend Micro
2010-03-14 22:36:10 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\Malwarebytes
2010-03-14 22:36:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 22:36:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 22:36:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 22:36:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-14 22:30:05 15470 ----a-w- C:\backup.reg
2010-03-14 20:46:46 1 ----a-w- c:\windows\ligh
2010-03-12 16:53:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-11 05:05:31 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-03-11 05:05:30 0 d-----w- c:\program files\CPUID
2010-03-04 01:45:31 0 d-----w- c:\program files\uTorrent
2010-03-04 01:45:06 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\uTorrent

==================== Find3M ====================

2010-03-12 16:53:10 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 16:52:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-11 05:35:32 180222 ----a-w- c:\windows\Morris Proctor Seminars Quick Files for Libronix Uninstaller.exe
2010-01-28 02:03:32 876803 ----a-w- c:\windows\system32\ASUS Features.scr
2010-01-27 22:54:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-09 11:02:08 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2008-04-14 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 12:00:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 12:00:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 12:00:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 12:00:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 12:00:00 343040 --sh--w- c:\windows\system32\msvcrt.dll
2008-04-14 12:00:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:00:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 12:00:00 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 19:14:30.03 ===============


1st ATTACH LOG - 03.30.2010


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2010 3:08:20 AM
System Uptime: 3/30/2010 11:22:08 AM (8 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4G8X
Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | PGA 478 | 2533/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 74.522 GiB free.
D: is FIXED (NTFS) - 59 GiB total, 29.456 GiB free.
E: is FIXED (NTFS) - 56 GiB total, 55.478 GiB free.
F: is FIXED (NTFS) - 112 GiB total, 24.07 GiB free.
Y: is CDROM ()
Z: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP89: 2/16/2010 2:04:15 PM - Avg8 Update
RP90: 2/18/2010 11:05:50 AM - System Checkpoint
RP91: 2/19/2010 11:51:53 AM - System Checkpoint
RP92: 2/19/2010 6:35:31 PM - Installed Creative ZEN Vision M Series
RP93: 2/19/2010 7:09:37 PM - Installed Creative MediaSource 5
RP94: 2/19/2010 7:35:07 PM - Installed Windows Media Player 11
RP95: 2/19/2010 7:35:29 PM - Installed Windows XP Wudf01000.
RP96: 2/19/2010 7:37:18 PM - Installed Windows XP MSCompPackV1.
RP97: 2/20/2010 7:28:36 PM - Software Distribution Service 3.0
RP98: 2/21/2010 8:14:19 PM - System Checkpoint
RP99: 2/22/2010 8:46:45 PM - System Checkpoint
RP100: 2/23/2010 10:42:04 PM - System Checkpoint
RP101: 2/24/2010 9:39:16 PM - Software Distribution Service 3.0
RP102: 2/25/2010 10:45:50 PM - System Checkpoint
RP103: 2/26/2010 11:29:23 PM - System Checkpoint
RP104: 2/28/2010 12:29:23 AM - System Checkpoint
RP105: 3/1/2010 12:30:28 AM - System Checkpoint
RP106: 3/2/2010 10:57:32 AM - System Checkpoint
RP107: 3/3/2010 7:28:52 PM - System Checkpoint
RP108: 3/4/2010 8:32:10 PM - System Checkpoint
RP109: 3/5/2010 9:03:36 PM - System Checkpoint
RP110: 3/6/2010 9:27:40 PM - System Checkpoint
RP111: 3/7/2010 9:37:36 PM - System Checkpoint
RP112: 3/8/2010 9:52:05 PM - System Checkpoint
RP113: 3/9/2010 11:49:14 PM - System Checkpoint
RP114: 3/11/2010 12:38:51 AM - System Checkpoint
RP115: 3/11/2010 7:24:23 AM - Software Distribution Service 3.0
RP116: 3/12/2010 7:53:22 AM - System Checkpoint
RP117: 3/12/2010 8:51:08 AM - Avg8 Update
RP118: 3/12/2010 8:53:20 AM - Avg Update
RP119: 3/13/2010 9:28:46 AM - System Checkpoint
RP120: 3/14/2010 11:28:46 AM - System Checkpoint
RP121: 3/15/2010 11:38:41 AM - System Checkpoint
RP122: 3/16/2010 8:01:17 PM - System Checkpoint
RP123: 3/17/2010 8:40:36 PM - System Checkpoint
RP124: 3/18/2010 8:42:44 PM - System Checkpoint
RP125: 3/19/2010 9:11:20 PM - System Checkpoint
RP126: 3/20/2010 9:33:26 PM - System Checkpoint
RP127: 3/21/2010 10:53:04 PM - System Checkpoint
RP128: 3/22/2010 11:49:57 PM - System Checkpoint
RP129: 3/24/2010 1:06:33 AM - System Checkpoint
RP130: 3/25/2010 1:15:42 AM - System Checkpoint
RP131: 3/26/2010 1:25:48 AM - System Checkpoint
RP132: 3/27/2010 1:40:24 AM - System Checkpoint
RP133: 3/28/2010 2:25:47 AM - System Checkpoint
RP134: 3/29/2010 2:47:48 AM - System Checkpoint
RP135: 3/30/2010 3:39:15 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
ACDSee
ACT!
Adobe Audition 3.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Advertising Center
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ASCOM Platform 4.1
ASUS Features
ASUS Probe V2.19.00
AsusUpdate
Avance AC'97 Audio
AVG Free 9.0
Batch Update
Belkin Bulldog Plus
Bible Data Type System Files
Brother HL-5040
C-Dilla Licence Management System
CFA's DizNfo
ClassicPro© v1.14
Clause Visualizer
Common System Files
Copernic Agent Professional
Corel Applications
CPUID CPU-Z 1.53.1
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
DFX for Winamp
Diskeeper 2010 Pro Premier
DolbyFiles
Dragon NaturallySpeaking 10
GPSoftware Directory Opus
Graphical Query Editor
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Photo Printing Software
HP Precisionscan Pro 3.1
ID3-TagIT 3
ImagXpress
Intel Application Accelerator
Java Auto Updater
Java(TM) 6 Update 18
Learning Essentials for Microsoft Office
Lernout & Hauspie TruVoice American English TTS Engine
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
Libronix Update
LLS Resource Driver
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
MetaStock 11.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Math
Microsoft Office 2003 Proofing Tools
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2009
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Morris Proctor Seminars Quick Files for Libronix
Movie Templates - Starter Kit
Mozilla Firefox (3.6.2)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
NetObjects Fusion 5.0
Nuance OmniPage 17
Nuance PDF Create! 5
NVIDIA Drivers
O&O Defrag Professional
OEB Resource Driver
Oxford English Dictionary
PDF Resource Driver
Quicken 2010
QuickTime
SATARaid
ScanSoft PaperPort 11
Scansoft PDF Create
Scripture Memory System
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sentence Diagramming
SiSoftware Sandra Professional Business 2010
Snagit 9.1.2
SoundTrax
Spelling Dictionaries Support For Adobe Reader 9
Starry Night Pro Plus 6
System Requirements Lab
TreeSize Professional 5.3.1
True Internet Color
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB973687)
UPS Power Management for Windows 2000
Video Resource Driver
Visual C++ Runtime for Dragon NaturallySpeaking
Voice Editor
WebFldrs XP
WhiteCap
Winamp
Winamp Application Detect
Winamp Essentials Pack
Winamp Remote
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinZip 14.0
Z 39.50 Library
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

3/30/2010 7:40:07 AM, error: PlugPlayManager [12] - The device 'Maxtor 4G120J6' (IDE\DiskMaxtor_4G120J6__________________________GAK819K0\5&e088e23&0&0.0.0) disappeared from the system without first being prepared for removal.
3/24/2010 4:01:15 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
3/24/2010 3:58:19 PM, error: Service Control Manager [7031] - The Mass Driver Sentinel Service Call Browser Device Packet service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/24/2010 3:02:11 PM, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
3/24/2010 3:02:04 PM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
3/24/2010 3:02:02 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/24/2010 12:32:16 AM, error: IdeChnDr [9] - The device, \Device\Ide\IdeDeviceP1T0L0, did not respond within the timeout period.

==== End Of File ===========================


GMER LOG

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-30 21:34:58
Windows 5.1.2600 Service Pack 3
Running: GMER v 1.0.15.15281.exe; Driver: C:\DOCUME~1\J6884~1.ANT\LOCALS~1\Temp\awrdipob.sys


---- System - GMER 1.0.15 ----

SSDT spha.sys ZwCreateKey [0xF771B0E0]
SSDT spha.sys ZwEnumerateKey [0xF7733DA4]
SSDT spha.sys ZwEnumerateValueKey [0xF7734132]
SSDT spha.sys ZwOpenKey [0xF771B0C0]
SSDT spha.sys ZwQueryKey [0xF773420A]
SSDT spha.sys ZwQueryValueKey [0xF773408A]
SSDT spha.sys ZwSetValueKey [0xF773429C]

INT 0x62 ? 8676CBF8
INT 0x63 ? 867DBBF8
INT 0x73 ? 867DBBF8
INT 0x82 ? 8676CBF8
INT 0x84 ? 85D7ABF8
INT 0x94 ? 85D7ABF8
INT 0xA4 ? 85D7ABF8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 169 804E27D5 3 Bytes [3D, 73, F7]
? spha.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6E698AC 5 Bytes JMP 85D7A1D8
.text a3afir6q.SYS F6984386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a3afir6q.SYS F69843AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a3afir6q.SYS F69843C4 3 Bytes [00, 80, 02]
.text a3afir6q.SYS F69843C9 1 Byte [30]
.text a3afir6q.SYS F69843C9 11 Bytes [30, 00, 00, 00, 5E, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESI; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 867DB2D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7746DDC] spha.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7746E30] spha.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F771C042] spha.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F771C13E] spha.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F771C0C0] spha.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F771C800] spha.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F771C6D6] spha.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 85D7A2D8
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F772BB90] spha.sys
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlInitUnicodeString] 8800001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!swprintf] 001CBA86
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeSetEvent] C61AEB00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoCreateSymbolicLink] 001C8986
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoGetConfigurationInformation] 86C61200
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoDeleteSymbolicLink] 00001C8B
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmFreeMappingAddress] 96868801
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoFreeErrorLogEntry] 8800001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoDisconnectInterrupt] 001CB286
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmUnmapIoSpace] 88968B00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ObReferenceObjectByPointer] 8900001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IofCompleteRequest] 001CA496
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlCompareUnicodeString] C6168B00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IofCallDriver] 001CC186
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmAllocateMappingAddress] 428A0A00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoAllocateErrorLogEntry] C286880C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoConnectInterrupt] 8B00001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoDetachDevice] 24A48DFA
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeWaitForSingleObject] 00000000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeInitializeEvent] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeCancelTimer] 8D3F0304
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlAnsiStringToUnicodeString] CB033043
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlInitAnsiString] 0673C13B
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoBuildDeviceIoControlRequest] C13B0003
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoQueueWorkItem] 8366FA72
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmMapIoSpace] 75000E7B
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoInvalidateDeviceRelations] 0B7D80E3
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoReportDetectedDevice] 307B8D00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoReportResourceForDetection] 00AA840F
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlxAnsiStringToUnicodeSize] 83660000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!NlsMbCodePageTag] 6A000E7A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!PoRequestPowerIrp] C6647400
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeInsertByKeyDeviceQueue] 001CC386
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!PoRegisterDeviceForIdleDetection] 4F8B0200
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!sprintf] 968D5140
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmMapLockedPagesSpecifyCache] 00001C98
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ObfDereferenceObject] 22F6E852
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoGetAttachedDeviceReference] 478B0000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoInvalidateDeviceState] 50016A40
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ZwClose] 1CB48E8D
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ObReferenceObjectByHandle] E8510000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ZwCreateDirectoryObject] 000022E4
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoBuildSynchronousFsdRequest] 6A18538B
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!PoStartNextPowerIrp] 868D5200
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoCreateDevice] 00001CA0
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlCopyUnicodeString] 22D2E850
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoAllocateDriverObjectExtension] 4B8B0000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlQueryRegistryValues] 51016A18
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ZwOpenKey] 1CBC968D
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlFreeUnicodeString] E8520000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoStartTimer] 000022C0
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeInitializeTimer] 8A05478A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoInitializeTimer] 001CC38E
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeInitializeDpc] 30C48300
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeInitializeSpinLock] 1CC58688
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoInitializeIrp] 80E90000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ZwCreateKey] C6000000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlAppendUnicodeStringToString] 001CC386
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlIntegerToUnicodeString] 438B0100
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ZwSetValueKey] 8E8D5018
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeInsertQueueDpc] 00001C98
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KefAcquireSpinLockAtDpcLevel] 2292E851
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoStartPacket] 538B0000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KefReleaseSpinLockFromDpcLevel] 52016A18
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoBuildAsynchronousFsdRequest] 1CB4868D
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoFreeMdl] E8500000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmUnlockPages] 00002280
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoWriteErrorLogEntry] 8A05478A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeRemoveByKeyDeviceQueue] 001CC38E
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmMapLockedPagesWithReservedMapping] 18C48300
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmUnmapReservedMapping] 1CC58688
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeSynchronizeExecution] 43EB0000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoStartNextPacket] 320C538A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeBugCheckEx] 88F93BC0
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeRemoveDeviceQueue] 001CC396
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeSetTimer] F6317300
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!_allmul] 74070647
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmProbeAndLockPages] 75C0841A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!_except_handler3] 05578A0B
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!PoSetPowerState] 968801B0
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoOpenDeviceRegistryKey] 00001CC5
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlWriteRegistryValue] 57B60F66
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlDeleteRegistryValue] 533B6604
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!_aulldiv] 03087408
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!strstr] 72F93B3F
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!_strupr] 8A09EBDA
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeQuerySystemTime] 86880547
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoWMIRegistrationControl] 00001CC5
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!KeTickCount] 88084B8A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoAttachDeviceToDeviceStack] 001CC68E
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoDeleteDevice] 40578B00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ExAllocatePoolWithTag] 8D52006A
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoAllocateWorkItem] 001CC886
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoAllocateIrp] 11E85000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoAllocateMdl] 8B000022
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmBuildMdlForNonPagedPool] 001CC08E
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmLockPagableDataSection] C4968B00
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoGetDriverObjectExtension] 8900001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmUnlockPagableImageSection] 001CCC8E
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!ExFreePoolWithTag] D0968900
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoFreeIrp] 8B00001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!IoFreeWorkItem] 016A4047
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!InitSafeBootMode] D4C68150
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!RtlCompareMemory] 5600001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!PoCallDriver] 0021E7E8
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!memmove] 18C48300
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[ntoskrnl.exe!MmHighestUserAddress] 5D5B5E5F
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!KfAcquireSpinLock] 18C4830E
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!READ_PORT_UCHAR] 1C959E88
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!KeGetCurrentIrql] 9E880000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!KfRaiseIrql] 00001CB1
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!KfLowerIrql] 0E798366
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!HalGetInterruptVector] 74AAB000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!HalTranslateBusAddress] 8986C636
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!KeStallExecutionProcessor] 1A00001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!KfReleaseSpinLock] 1C8B86C6
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] C6020000
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!READ_PORT_USHORT] 001C9686
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 86C60200
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[HAL.dll!WRITE_PORT_UCHAR] 00001CB2
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[WMILIB.SYS!WmiSystemControl] 8800001C
IAT \SystemRoot\System32\Drivers\a3afir6q.SYS[WMILIB.SYS!WmiCompleteRequest] 001CB99E

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 867D61F8
Device \FileSystem\Fastfat \FatCdrom 85A37500

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Ip imapioko.sys (Filter Audio/Belarc, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{9246BC11-7EAB-4CA2-A31A-04F55AB57E62} 85A43500
Device \Driver\usbuhci \Device\USBPDO-0 85D9D1F8
Device \Driver\usbuhci \Device\USBPDO-1 85D9D1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8676D1F8
Device \Driver\dmio \Device\DmControl\DmConfig 8676D1F8
Device \Driver\dmio \Device\DmControl\DmPnP 8676D1F8
Device \Driver\dmio \Device\DmControl\DmInfo 8676D1F8
Device \Driver\usbuhci \Device\USBPDO-2 85D9D1F8
Device \Driver\usbehci \Device\USBPDO-3 85D731F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp imapioko.sys (Filter Audio/Belarc, Inc.)

Device \Driver\NetBT \Device\NetBT_Tcpip_{68A115AD-FCEC-41FF-AD45-416004020009} 85A43500
Device \Driver\PCI_PNP0456 \Device\00000049 spha.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 867D91F8
Device \Driver\Cdrom \Device\CdRom0 85A941F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 867D91F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 867D91F8
Device \Driver\Cdrom \Device\CdRom1 85A941F8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T0L0 8676C1F8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP1T1L0 8676C1F8
Device \Driver\IdeChnDr \Device\Ide\IdeDeviceP0T0L0 8676C1F8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr0 8676C1F8
Device \Driver\IdeChnDr \Device\Ide\IdeChnDr1 8676C1F8
Device \Driver\Ftdisk \Device\HarddiskVolume6 867D91F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 85A43500
Device \Driver\NetBT \Device\NetbiosSmb 85A43500

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp imapioko.sys (Filter Audio/Belarc, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp imapioko.sys (Filter Audio/Belarc, Inc.)

Device \Driver\sptd \Device\3928737956 spha.sys
Device \Driver\usbuhci \Device\USBFDO-0 85D9D1F8
Device \Driver\USBSTOR \Device\0000007a 85D3A500
Device \Driver\usbuhci \Device\USBFDO-1 85D9D1F8
Device \Driver\USBSTOR \Device\0000007b 85D3A500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 85B7A360
Device \Driver\usbuhci \Device\USBFDO-2 85D9D1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 85B7A360
Device \Driver\usbehci \Device\USBFDO-3 85D731F8
Device \Driver\Ftdisk \Device\FtControl 867D91F8
Device \Driver\a3afir6q \Device\Scsi\a3afir6q1Port3Path0Target0Lun0 85A921F8
Device \Driver\a3afir6q \Device\Scsi\a3afir6q1 85A921F8
Device \Driver\Si3112r \Device\Scsi\Si3112r1 867D71F8
Device \FileSystem\Fastfat \Fat 85A37500

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 85943500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xE4 0xC6 0x41 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA1 0x2E 0xA5 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDB 0x59 0x81 0xEF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0xE4 0xC6 0x41 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA1 0x2E 0xA5 0xAE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDB 0x59 0x81 0xEF ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG12.00.00.01PROFESSIONAL F5941F57B699619505531C3FD6DCB4B221EC126648C8C632C99B27E792C7D66DACA42B74C4C1EE703617DE788E48743A3EDACEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA6A0AC4980AC7933A9C6AECB7A5D1407FCDCE23BB4CC8A2DAADBFC31EB10D61AC5E82FA3B90DD84AB52599A9671C519B0320244FF94014857471292773CB12F207E961687099B82F28D72D270DD01B5E49CAAD149F3CF10A3DF91ECD3E33E438EEB010479B0CA91BDA4C71352CA5EF456149D9959FFB9AF8ECE434BCA9D0D1025ACBB3FE9ADEDB1D3D52165C48264AF672CBB745C4BAF6337CE2F86EE6B05088B60BF53426917369D4FC83083F621E42B3C50B782EB8E6BFF968ACC079E4492C0906B16CC4258758B9A253893DEC4E1873F04C69D1BB3AC709AEC3F5BB041E706717FA9456A124661860D393C5DE358B13C7A634758CB89ADE33673459A7227A7DDC967A8A90C9B130948841B0529ED7088BF9DAB5761B28C537730753EB99970A38FC536A02EC7ED561A70C2869CBD8DAC0D843024B10071DBF77DCFE7442B4E1CF5DB5CC08F4B6712F9A572A44728E282E8AB59E5F3A7255953906056649E46A0F181DE0B8BDE3002801E58A8DBB9F24E08BE1A30BAEC5F545B13A616AD3DF20A1C3E7282E9837913CADDF6

---- EOF - GMER 1.0.15 ----
RadicalSatisfaction
Active Member
 
Posts: 7
Joined: March 14th, 2010, 7:30 pm
Advertisement
Register to Remove

Blade81 "Downloaded The Bill103 Virus: The Sequel" Part II

Unread postby RadicalSatisfaction » March 31st, 2010, 2:52 am

Here are the other logs requested - I uninstalled the P@P prog at this point, as originally instructed



COMBOFIX LOG

ComboFix 10-03-29.04 - J. Anthony 03/30/2010 23:11:32.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.653 [GMT -7:00]
Running from: c:\documents and settings\J. Anthony Hansen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\J. Anthony Hansen\Desktop\Fix FaceBook Virus II\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\ligh
c:\windows\system32\drivers\imapioko.sys
c:\windows\system32\erokosvc.dll
c:\windows\system32\Icons
c:\windows\system32\Icons\A BIT OF STARWARS BOBAFETT.ico
c:\windows\system32\Icons\A BIT OF STARWARS BOBAFETT.png
c:\windows\system32\Icons\All Icons.icl
c:\windows\system32\Icons\AQUA ICONS APPLICATIONS AFP CLIENT.ico
c:\windows\system32\Icons\AQUA ICONS APPLICATIONS AFP CLIENT.png
c:\windows\system32\Icons\AQUA ICONS APPLICATIONS ITUNES AQUA.ico
c:\windows\system32\Icons\AQUA ICONS APPLICATIONS ITUNES AQUA.png
c:\windows\system32\Icons\AQUA ICONS SYSTEM NETWORK MANAGER.ico
c:\windows\system32\Icons\AQUA ICONS SYSTEM NETWORK MANAGER.png
c:\windows\system32\Icons\ark.ico
c:\windows\system32\Icons\ark.png
c:\windows\system32\Icons\audacitySZ - b.ico
c:\windows\system32\Icons\audacitySZ.ico
c:\windows\system32\Icons\audacitySZ.png
c:\windows\system32\Icons\AVX_ICONS DOCS METAL.ico
c:\windows\system32\Icons\AVX_ICONS DOCS METAL.png
c:\windows\system32\Icons\AVX_ICONS HD.ico
c:\windows\system32\Icons\AVX_ICONS HD.png
c:\windows\system32\Icons\Blu Style png appleworks.ico
c:\windows\system32\Icons\Blu Style png appleworks.png
c:\windows\system32\Icons\Blu Style png critical files.ico
c:\windows\system32\Icons\Blu Style png critical files.png
c:\windows\system32\Icons\Cadenas 3D.ico
c:\windows\system32\Icons\Cadenas 3D.png
c:\windows\system32\Icons\CAMELOT.ico
c:\windows\system32\Icons\CAMELOT.png
c:\windows\system32\Icons\Candy Vivian Icon 39.ico
c:\windows\system32\Icons\Candy Vivian Icon 39.png
c:\windows\system32\Icons\COMPUTER G4 MONITOR.ico
c:\windows\system32\Icons\COMPUTER G4 MONITOR.png
c:\windows\system32\Icons\COMPUTER TI BOOK FRONT.ico
c:\windows\system32\Icons\COMPUTER TI BOOK FRONT.png
c:\windows\system32\Icons\connection reseaux 3d.ico
c:\windows\system32\Icons\connection reseaux 3d.png
c:\windows\system32\Icons\dbPoweramp copy.ico
c:\windows\system32\Icons\dbPoweramp copy.png
c:\windows\system32\Icons\DOLLAR.ico
c:\windows\system32\Icons\DOLLAR.png
c:\windows\system32\Icons\Dossiers mises à jour.ico
c:\windows\system32\Icons\Dossiers mises à jour.png
c:\windows\system32\Icons\Dossiers réseaux.ico
c:\windows\system32\Icons\Dossiers réseaux.png
c:\windows\system32\Icons\Dossiers sécurité.ico
c:\windows\system32\Icons\Dossiers sécurité.png
c:\windows\system32\Icons\Download.ico
c:\windows\system32\Icons\Download.png
c:\windows\system32\Icons\firefox_experiment_3_01.ico
c:\windows\system32\Icons\firefox_experiment_3_01.png
c:\windows\system32\Icons\Folder-CD.ico
c:\windows\system32\Icons\Folder-CD.png
c:\windows\system32\Icons\GLOBE19.ico
c:\windows\system32\Icons\GLOBE19.png
c:\windows\system32\Icons\HARDWARE SUITCASE.ico
c:\windows\system32\Icons\HARDWARE SUITCASE.png
c:\windows\system32\Icons\INDUSTRIAL SYSTEM IDISK (PUBLIC).ico
c:\windows\system32\Icons\INDUSTRIAL SYSTEM IDISK (PUBLIC).png
c:\windows\system32\Icons\INDUSTRIAL SYSTEM TRASH INDUSTRIAL SYSTEM (FULL).ico
c:\windows\system32\Icons\INDUSTRIAL SYSTEM TRASH INDUSTRIAL SYSTEM (FULL).png
c:\windows\system32\Icons\Internet Explorer44.ico
c:\windows\system32\Icons\Internet Explorer44.png
c:\windows\system32\Icons\knetconfig.ico
c:\windows\system32\Icons\knetconfig.png
c:\windows\system32\Icons\LabviewSZ.ico
c:\windows\system32\Icons\LabviewSZ.png
c:\windows\system32\Icons\lighthouse_4.ico
c:\windows\system32\Icons\linneighborhood.ico
c:\windows\system32\Icons\linneighborhood.png
c:\windows\system32\Icons\LOCKED DRIVE.ico
c:\windows\system32\Icons\LOCKED DRIVE.png
c:\windows\system32\Icons\MICROSOFT OFFICE5.ico
c:\windows\system32\Icons\MICROSOFT OFFICE5.png
c:\windows\system32\Icons\My Network Places.ico
c:\windows\system32\Icons\My Network Places.png
c:\windows\system32\Icons\pare-feu 3D.ico
c:\windows\system32\Icons\pare-feu 3D.png
c:\windows\system32\Icons\Spyboot3D2112.ico
c:\windows\system32\Icons\Spyboot3D2112.png
c:\windows\system32\Icons\Thumbs.db
c:\windows\system32\Icons\thunderbird 3D v2 .ico
c:\windows\system32\Icons\thunderbird 3D v2 .png
c:\windows\system32\Icons\Vampire Slayer.ico
c:\windows\system32\Icons\Vampire Slayer.png
c:\windows\system32\Icons\WinZIP 8728792.ico
c:\windows\system32\Icons\WinZIP 8728792.png

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APTO6KO
-------\Legacy_CPQOKO6
-------\Service_apto6ko
-------\Service_cpqoko6


((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-31 )))))))))))))))))))))))))))))))
.

2010-03-31 02:07 . 2010-03-31 02:07 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\AVG9
2010-03-18 21:12 . 2000-03-29 06:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-03-14 23:23 . 2010-03-14 23:23 -------- d-----w- c:\program files\Trend Micro
2010-03-14 22:36 . 2010-03-14 22:36 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\Malwarebytes
2010-03-14 22:36 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 22:36 . 2010-03-14 22:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 22:36 . 2010-03-14 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-14 22:36 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 22:30 . 2010-03-14 22:30 15470 ----a-w- C:\backup.reg
2010-03-12 16:53 . 2010-03-12 16:53 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-12 16:53 . 2010-03-12 16:53 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-12 16:53 . 2010-03-12 16:53 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-12 16:53 . 2010-03-12 16:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 16:51 . 2010-02-16 21:43 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-12 16:51 . 2010-02-16 21:43 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-12 16:51 . 2010-02-16 21:43 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-12 16:51 . 2010-02-16 21:43 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-11 05:05 . 2009-03-27 09:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-03-11 05:05 . 2010-03-11 05:05 -------- d-----w- c:\program files\CPUID
2010-03-05 02:42 . 2010-03-05 02:42 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Local Settings\Application Data\Nero
2010-03-04 01:45 . 2010-03-31 04:36 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 06:17 . 2010-01-27 06:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-29 00:02 . 2010-02-09 01:41 1892 ----a-w- c:\documents and settings\All Users\Application Data\xmlDD.tmp
2010-03-29 00:02 . 2010-02-09 01:41 13706 ----a-w- c:\documents and settings\All Users\Application Data\xmlDC.tmp
2010-03-29 00:02 . 2010-02-09 01:41 9036 ----a-w- c:\documents and settings\All Users\Application Data\xmlDB.tmp
2010-03-24 22:47 . 2010-01-28 03:19 -------- d-----w- c:\program files\Belkin Bulldog Plus
2010-03-12 16:53 . 2010-02-16 21:44 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 16:53 . 2010-02-16 21:43 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 16:52 . 2010-02-16 21:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-02 18:37 . 2010-01-30 05:01 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\Nero
2010-02-27 06:26 . 2010-01-28 02:04 -------- d-----w- c:\program files\E-Color
2010-02-22 19:33 . 2010-01-27 22:23 -------- d-----w- c:\program files\QuickTime
2010-02-22 19:33 . 2010-01-27 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-20 03:47 . 2010-02-20 03:47 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\Creative
2010-02-20 03:36 . 2010-02-20 03:36 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-20 03:20 . 2010-01-25 03:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 03:20 . 2010-02-20 02:35 -------- d-----w- c:\program files\Creative
2010-02-20 03:11 . 2010-02-20 03:09 -------- d--h--w- c:\program files\Creative Installation Information
2010-02-20 03:09 . 2010-02-20 03:09 -------- d-----w- c:\program files\Common Files\Creative
2010-02-20 02:37 . 2010-02-20 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-02-20 02:30 . 2010-02-20 02:24 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\ID3-TagIT 3
2010-02-16 21:49 . 2010-02-16 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-16 21:43 . 2010-02-16 22:04 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-16 21:43 . 2010-02-16 22:04 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-16 21:43 . 2010-02-16 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-16 21:39 . 2010-02-16 21:39 -------- d-----w- c:\program files\AVG
2010-02-11 05:35 . 2010-01-29 03:49 180222 ----a-w- c:\windows\Morris Proctor Seminars Quick Files for Libronix Uninstaller.exe
2010-02-11 03:58 . 2010-02-11 03:58 -------- d-----r- c:\documents and settings\J. Anthony Hansen\Application Data\Brother
2010-02-09 18:26 . 2010-02-02 05:24 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\Winamp
2010-02-09 18:12 . 2010-02-09 18:12 -------- d-----w- c:\program files\SoundSpectrum
2010-02-09 18:00 . 2010-02-02 05:24 -------- d-----w- c:\program files\Winamp
2010-02-03 09:20 . 2010-02-03 09:20 -------- d-----w- c:\program files\OO Software
2010-02-03 08:55 . 2010-02-03 08:55 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2010-02-03 08:55 . 2010-02-03 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2010-02-03 08:55 . 2010-02-03 08:55 -------- d-----w- c:\program files\Windows Home Server
2010-02-03 08:55 . 2010-02-03 08:55 -------- d-----w- c:\program files\Diskeeper Corporation
2010-02-02 21:55 . 2010-02-02 03:24 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-02 08:05 . 2010-01-27 07:13 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\.oit
2010-02-02 08:05 . 2010-01-27 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2010-02-02 08:03 . 2010-01-27 07:18 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\ScanSoft
2010-02-02 07:59 . 2010-02-02 07:59 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\FLEXnet
2010-02-02 07:58 . 2010-02-02 03:31 -------- d-----w- c:\program files\Common Files\efax
2010-02-02 07:11 . 2010-02-02 07:11 -------- d-----w- c:\program files\ID3-TagIT 3
2010-02-02 07:11 . 2010-02-02 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\ID3-TagIT 3
2010-02-02 07:09 . 2010-02-02 05:46 -------- d-----w- c:\program files\Copernic Agent
2010-02-02 05:50 . 2010-02-02 05:46 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\Copernic
2010-02-02 05:49 . 2010-02-02 05:46 -------- d-----w- c:\program files\Common Files\Copernic
2010-02-02 05:38 . 2010-02-02 05:38 -------- d-----w- c:\program files\DFX
2010-02-02 05:38 . 2010-02-02 05:37 -------- d-----w- c:\documents and settings\All Users\Application Data\DFX
2010-02-02 05:38 . 2010-02-02 05:38 -------- d-----w- c:\program files\Common Files\DFX
2010-02-02 05:28 . 2010-02-02 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
2010-02-02 05:26 . 2010-02-02 05:26 -------- d-----w- c:\program files\Winamp Remote
2010-02-02 05:24 . 2010-02-02 05:24 -------- d-----w- c:\program files\Winamp Detect
2010-02-02 05:22 . 2010-02-02 05:22 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\JAM Software
2010-02-02 05:22 . 2010-02-02 05:22 -------- d-----w- c:\program files\JAM Software
2010-02-02 05:18 . 2010-01-09 11:18 145608 ----a-w- c:\documents and settings\J. Anthony Hansen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 05:18 . 2010-02-02 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2010-02-02 05:18 . 2010-02-02 05:18 -------- d-----w- c:\program files\TechSmith
2010-02-02 05:15 . 2010-02-02 05:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-02 05:14 . 2010-02-02 05:14 0 ----a-w- c:\documents and settings\All Users\Application Data\xmlE.tmp
2010-02-02 05:14 . 2010-02-02 05:14 0 ----a-w- c:\documents and settings\All Users\Application Data\xmlD.tmp
2010-02-02 05:14 . 2010-02-02 05:14 0 ----a-w- c:\documents and settings\All Users\Application Data\xmlC.tmp
2010-02-02 05:14 . 2010-02-02 05:14 0 ----a-w- c:\documents and settings\All Users\Application Data\xmlB.tmp
2010-02-02 05:12 . 2010-02-02 05:12 -------- d-----w- c:\program files\SiSoftware
2010-02-02 05:05 . 2010-02-02 05:05 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\GPSoftware
2010-02-02 05:04 . 2010-02-02 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\GPSoftware
2010-02-02 05:04 . 2010-02-02 05:04 -------- d-----w- c:\program files\GPSoftware
2010-02-02 03:30 . 2010-02-02 03:30 -------- d-----w- c:\program files\ACD Systems
2010-02-02 03:28 . 2010-02-02 03:28 -------- d-----w- c:\program files\Corel
2010-02-02 03:25 . 2010-02-02 03:25 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\Share-to-Web Upload Folder
2010-02-02 03:25 . 2010-02-02 03:25 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-02-02 02:56 . 2010-02-02 02:56 -------- d-----w- c:\program files\Brownie
2010-02-02 02:55 . 2010-02-02 02:54 -------- d-----w- c:\program files\Brother
2010-02-02 02:54 . 2010-01-09 11:15 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-29 03:56 . 2010-01-29 03:56 0 ----a-w- c:\windows\nsreg.dat
2010-01-28 02:03 . 2010-01-28 02:03 876803 ----a-w- c:\windows\system32\ASUS Features.scr
2010-01-27 22:55 . 2010-01-27 22:55 503808 ----a-w- c:\documents and settings\J. Anthony Hansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6c27d37e-n\msvcp71.dll
2010-01-27 22:55 . 2010-01-27 22:55 499712 ----a-w- c:\documents and settings\J. Anthony Hansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6c27d37e-n\jmc.dll
2010-01-27 22:55 . 2010-01-27 22:55 348160 ----a-w- c:\documents and settings\J. Anthony Hansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6c27d37e-n\msvcr71.dll
2010-01-27 22:55 . 2010-01-27 22:55 61440 ----a-w- c:\documents and settings\J. Anthony Hansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f37c637-n\decora-sse.dll
2010-01-27 22:55 . 2010-01-27 22:55 12800 ----a-w- c:\documents and settings\J. Anthony Hansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f37c637-n\decora-d3d.dll
2010-01-27 22:54 . 2010-01-27 22:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-27 22:23 . 2010-01-27 22:23 22486 ----a-r- c:\documents and settings\J. Anthony Hansen\Application Data\Microsoft\Installer\{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}\QuickTimeUninstaller_ico.exe
2010-01-27 22:23 . 2010-01-27 22:23 22486 ----a-r- c:\documents and settings\J. Anthony Hansen\Application Data\Microsoft\Installer\{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}\QuickTimePlayer_ico.exe
2010-01-27 22:23 . 2010-01-27 22:23 22486 ----a-r- c:\documents and settings\J. Anthony Hansen\Application Data\Microsoft\Installer\{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}\PictureViewer_ico.exe
2010-01-27 22:23 . 2010-01-27 22:23 22486 ----a-r- c:\documents and settings\J. Anthony Hansen\Application Data\Microsoft\Installer\{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}\ARPPRODUCTICON.exe
2010-01-25 03:36 . 2010-01-25 03:24 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-09 11:18 . 2010-01-09 11:04 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-09 11:02 . 2010-01-09 11:02 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-31 16:50 . 2009-09-08 19:22 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2008-04-14 12:00 . 2008-04-14 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 12:00 . 2008-04-14 12:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 12:00 . 2008-04-14 12:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 12:00 . 2008-04-14 12:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 12:00 . 2008-04-14 12:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 12:00 . 2008-04-14 12:00 343040 --sh--w- c:\windows\system32\msvcrt.dll
2008-04-14 12:00 . 2008-04-14 12:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:00 . 2008-04-14 12:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 12:00 . 2008-04-14 12:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Directory Opus Desktop Dblclk"="c:\program files\GPSoftware\Directory Opus\dopusrt.exe" [2009-06-11 271856]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-02 5562368]
"nwiz"="nwiz.exe" [2005-04-02 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-02 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 25440]
"IMSCMig"="c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE" [2007-04-03 17248]
"CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-23 66400]
"PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-23 98656]
"IMJPMIG9.0"="c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE" [2007-04-19 125792]
"Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
"PDFHook"="c:\program files\Nuance\PDF Create 5\pdfcreate5hook.exe" [2009-04-10 1277952]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Create 5\RegistryController.exe" [2008-12-13 58656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-05-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-05-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 46592]
"UPS-Status"="c:\program files\Belkin Bulldog Plus\UPS-Status.exe" [2006-11-15 69632]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-16 39424]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-12 2524416]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-16 417792]

c:\documents and settings\J. Anthony Hansen\Start Menu\Programs\Startup\
Directory Opus.lnk - c:\program files\GPSoftware\Directory Opus\dopus.exe [2010-2-1 7273968]
Dragon NaturallySpeaking.lnk - c:\program files\Nuance\NaturallySpeaking10\Program\natspeak.exe [2009-3-16 2835816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2010-1-27 598069]
True Internet Color Icon.lnk - c:\program files\E-Color\True Internet Color\TICIcon.exe [2010-1-27 221184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2009-06-11 834032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 16:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2010\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2010\\WNt500x86\\sandra.mui"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2010\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2020:UDP"= 2020:UDP:Windows Media Format SDK (iexplore.exe)
"2021:UDP"= 2021:UDP:Windows Media Format SDK (iexplore.exe)
"8085:TCP"= 8085:TCP:OKOToGate

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [1/27/2010 6:49 PM 84529]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/24/2010 8:24 PM 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/16/2010 2:43 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/16/2010 2:44 PM 242696]
R2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [1/28/2010 1:06 AM 57344]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/12/2010 9:52 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 9:53 AM 308064]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2/3/2010 1:55 AM 41120]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2010\RpcAgentSrv.exe [2/1/2010 10:12 PM 93336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrvs REG_MULTI_SZ cpqoko6
.
Contents of the 'Scheduled Tasks' folder

2010-02-02 c:\windows\Tasks\1 Copernic Intra-Daily ~BUSINESS1 J Anthony Hansen.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\2 Copernic Daily ~BUSINESS1 J Anthony Hansen.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\3 Copernic Weekly ~BUSINESS1 J Anthony Hansen.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\4 Copernic Monthly ~BUSINESS1 J Anthony Hansen.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2010-02-02 03:16]

2010-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
FF - ProfilePath - c:\documents and settings\J. Anthony Hansen\Application Data\Mozilla\Firefox\Profiles\qb9fynsd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.txt=Text
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-OpAgent - OpAgent.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-30 23:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x867D81F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7892f28
\Driver\ACPI -> ACPI.sys @ 0xf76dacb8
\Driver\atapi -> atapi.sys @ 0xf766fb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C -> SendCompleteHandler -> NDIS.sys @ 0xf753db0a
PacketIndicateHandler -> NDIS.sys @ 0xf7548a21
SendHandler -> NDIS.sys @ 0xf753d949
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,12,31,25,a7,84,d0,40,9e,48,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,12,31,25,a7,84,d0,40,9e,48,b4,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="F5941F57B699619505531C3FD6DCB4B221EC126648C8C632C99B27E792C7D66DACA42B74C4C1EE703617DE788E48743A3EDACEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA6A0AC4980AC7933A9C6AECB7A5D1407FCDCE23BB4CC8A2DAADBFC31EB10D61AC5E82FA3B90DD84AB52599A9671C519B0320244FF94014857471292773CB12F207E961687099B82F28D72D270DD01B5E49CAAD149F3CF10A3DF91ECD3E33E438EEB010479B0CA91BDA4C71352CA5EF456149D9959FFB9AF8ECE434BCA9D0D1025ACBB3FE9ADEDB1D3D52165C48264AF672CBB745C4BAF6337CE2F86EE6B05088B60BF53426917369D4FC83083F621E42B3C50B782EB8E6BFF968ACC079E4492C0906B16CC4258758B9A253893DEC4E1873F04C69D1BB3AC709AEC3F5BB041E706717FA9456A124661860D393C5DE358B13C7A634758CB89ADE33673459A7227A7DDC967A8A90C9B130948841B0529ED7088BF9DAB5761B28C537730753EB99970A38FC536A02EC7ED561A70C2869CBD8DAC0D843024B10071DBF77DCFE7442B4E1CF5DB5CC08F4B6712F9A572A44728E282E8AB59E5F3A7255953906056649E46A0F181DE0B8BDE3002801E58A8DBB9F24E08BE1A30BAEC5F545B13A616AD3DF20A1C3E7282E9837913CADDF6FEFC4D390A88BD5FA2B778599A18C95E5AD778012FA295B788948044A1F2652541A1D98C81A6D09E52114D6EC3FA91336E3BE45E3D1451EFB6A84C2E246A62D86414BFDB88CC8D5F7D07481B4F69F184C422A514C204ABA2F7AFA0F26EC1CC42B1DC73AE31D69F699A27F7644E535E87301AA6B16A21EA1E4624AA775932952B66700A4DCABCE900603104688EDE6B14E5F2A7E22DDD927C2D086F2457D2471F4E0D3BBCE5C2CA6CBE472A6FD33E67FCF9D01196295CB00C2F838F69DB098A284CD9A1F7617E9225039EA71371F18C54382006E5D55F349B2125B601AF8C44BD8751A14A587A250CA7C2D25DBDE935AC2D7E8D630EB09023355DFFEECE49A32B7A29204411FA564C7A8E463A46426773F6A734A0A69738EBB02AA465848C1843DA6B27C4190F672263F2F7160634F3C008BCA692D25523415DB124F35BA93D3D654202C34D5CE7419C41E3AF1D6C52A1C918DF7F03AF521DCA7E2D370169F12C78275E9BBA897C6AAC2394BCEF96F287FD6CEDA4184E3E184325D35887AA61A260DBD2D8C8BF12C34C47857014F6A006C38969E1D29D66CD348B57715C921A75ED4F9947042AFC966DACB32281B8661F6175EF1178BB91762BC13C23B2C38D8AD3D21604353DAA7C41C13D77568C85E875A16A558D6329C1F671261380E4C35A7AC9A73F70DAC34289FA5642F81E96C5C6AA0B31A79129CCBA243455D1CED2433"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(220)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\GPSoftware\Directory Opus\dopushlp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\program files\Belkin Bulldog Plus\UPS-Service.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-30 23:20:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-31 06:20

Pre-Run: 80,291,549,184 bytes free
Post-Run: 80,231,149,568 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - C173208B7C43EFE58CB549F615C0D43B


2nd DDS LOG


DDS (Ver_10-03-17.01) - NTFSx86
Run by J. Anthony Hansen at 23:25:41.31 on Tue 03/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.573 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nuance\PDF Create 5\pdfcreate5hook.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\J. Anthony Hansen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~1\copern~1\COPERN~1.DLL
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\progra~1\copern~1\COPERN~1.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Directory Opus Desktop Dblclk] "c:\program files\gpsoftware\directory opus\dopusrt.exe" /dblclk
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [IMSCMig] c:\progra~1\common~1\micros~1\ime\imsc40a\IMSCMIG.EXE /Preload
mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync
mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync
mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
mRun: [Nuance OmniPage 17-reminder] "c:\program files\nuance\omnipage17\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 17\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf create 5\pdfcreate5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf create 5\RegistryController.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [UPS-Status] c:\program files\belkin bulldog plus\UPS-Status.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [OODefragTray] c:\program files\oo software\defrag\oodtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\j6884~1.ant\startm~1\programs\startup\direct~1.lnk - c:\program files\gpsoftware\directory opus\dopus.exe
StartupFolder: c:\docume~1\j6884~1.ant\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking10\program\natspeak.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sataraid.lnk - c:\program files\silicon image\siisataraid\SATARaid.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\truein~1.lnk - c:\program files\e-color\true internet color\TICIcon.exe
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - c:\program files\gpsoftware\directory opus\dopuslib.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\j6884~1.ant\applic~1\mozilla\firefox\profiles\qb9fynsd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [2010-1-27 84529]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-16 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-16 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-16 242696]
R2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [2010-1-28 57344]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-3-10 12672]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-2-3 41120]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business 2010\RpcAgentSrv.exe [2010-2-1 93336]

============== File Associations ===============

.txt=Text

=============== Created Last 30 ================

2010-03-31 06:07:29 0 d-sha-r- C:\cmdcons
2010-03-31 04:45:54 98816 ----a-w- c:\windows\sed.exe
2010-03-31 04:45:54 77312 ----a-w- c:\windows\MBR.exe
2010-03-31 04:45:54 261632 ----a-w- c:\windows\PEV.exe
2010-03-31 04:45:54 161792 ----a-w- c:\windows\SWREG.exe
2010-03-31 02:07:09 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\AVG9
2010-03-18 21:12:24 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-03-14 23:23:19 0 d-----w- c:\program files\Trend Micro
2010-03-14 22:36:10 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\Malwarebytes
2010-03-14 22:36:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 22:36:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 22:36:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 22:36:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-14 22:30:05 15470 ----a-w- C:\backup.reg
2010-03-12 16:53:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-11 05:05:31 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-03-11 05:05:30 0 d-----w- c:\program files\CPUID
2010-03-04 01:45:06 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\uTorrent

==================== Find3M ====================

2010-03-12 16:53:10 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 16:52:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-11 05:35:32 180222 ----a-w- c:\windows\Morris Proctor Seminars Quick Files for Libronix Uninstaller.exe
2010-01-28 02:03:32 876803 ----a-w- c:\windows\system32\ASUS Features.scr
2010-01-27 22:54:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-09 11:02:08 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2008-04-14 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 12:00:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 12:00:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 12:00:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 12:00:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 12:00:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:00:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 12:00:00 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 23:25:51.54 ===============


2nd Attach Log


DDS (Ver_10-03-17.01) - NTFSx86
Run by J. Anthony Hansen at 23:25:41.31 on Tue 03/30/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.573 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nuance\PDF Create 5\pdfcreate5hook.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Status.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\GPSoftware\Directory Opus\dopusrt.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
C:\Program Files\E-Color\True Internet Color\TICIcon.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Nuance\NaturallySpeaking10\Program\natspeak.exe
C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\J. Anthony Hansen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~1\copern~1\COPERN~1.DLL
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\progra~1\copern~1\COPERN~1.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Directory Opus Desktop Dblclk] "c:\program files\gpsoftware\directory opus\dopusrt.exe" /dblclk
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [IMSCMig] c:\progra~1\common~1\micros~1\ime\imsc40a\IMSCMIG.EXE /Preload
mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync
mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync
mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
mRun: [Nuance OmniPage 17-reminder] "c:\program files\nuance\omnipage17\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 17\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf create 5\pdfcreate5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf create 5\RegistryController.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [UPS-Status] c:\program files\belkin bulldog plus\UPS-Status.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [OODefragTray] c:\program files\oo software\defrag\oodtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\docume~1\j6884~1.ant\startm~1\programs\startup\direct~1.lnk - c:\program files\gpsoftware\directory opus\dopus.exe
StartupFolder: c:\docume~1\j6884~1.ant\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking10\program\natspeak.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sataraid.lnk - c:\program files\silicon image\siisataraid\SATARaid.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\truein~1.lnk - c:\program files\e-color\true internet color\TICIcon.exe
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - c:\program files\gpsoftware\directory opus\dopuslib.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\j6884~1.ant\applic~1\mozilla\firefox\profiles\qb9fynsd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [2010-1-27 84529]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-16 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-16 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-16 242696]
R2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [2010-1-28 57344]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-3-10 12672]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-2-3 41120]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business 2010\RpcAgentSrv.exe [2010-2-1 93336]

============== File Associations ===============

.txt=Text

=============== Created Last 30 ================

2010-03-31 06:07:29 0 d-sha-r- C:\cmdcons
2010-03-31 04:45:54 98816 ----a-w- c:\windows\sed.exe
2010-03-31 04:45:54 77312 ----a-w- c:\windows\MBR.exe
2010-03-31 04:45:54 261632 ----a-w- c:\windows\PEV.exe
2010-03-31 04:45:54 161792 ----a-w- c:\windows\SWREG.exe
2010-03-31 02:07:09 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\AVG9
2010-03-18 21:12:24 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-03-14 23:23:19 0 d-----w- c:\program files\Trend Micro
2010-03-14 22:36:10 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\Malwarebytes
2010-03-14 22:36:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 22:36:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 22:36:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 22:36:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-14 22:30:05 15470 ----a-w- C:\backup.reg
2010-03-12 16:53:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-11 05:05:31 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-03-11 05:05:30 0 d-----w- c:\program files\CPUID
2010-03-04 01:45:06 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\uTorrent

==================== Find3M ====================

2010-03-12 16:53:10 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 16:52:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-11 05:35:32 180222 ----a-w- c:\windows\Morris Proctor Seminars Quick Files for Libronix Uninstaller.exe
2010-01-28 02:03:32 876803 ----a-w- c:\windows\system32\ASUS Features.scr
2010-01-27 22:54:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-09 11:02:08 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2008-04-14 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 12:00:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 12:00:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 12:00:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 12:00:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 12:00:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:00:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 12:00:00 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 23:25:51.54 ===============
RadicalSatisfaction
Active Member
 
Posts: 7
Joined: March 14th, 2010, 7:30 pm

Re: "Downloaded The Bill103 Virus: The Sequel"

Unread postby Blade81 » March 31st, 2010, 9:23 am

Hi again,

I merged your two topics into one. Please don't create a new one but post in this from now on.

Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
Folder::
c:\documents and settings\J. Anthony Hansen\Application Data\uTorrent



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 19.
  • Click the
    Download
    button to the right.
  • Select Windows on platform combobox and check the box that says:
    Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log. Let AVG update itself. How's the system running now?
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: "Downloaded The Bill103 Virus: The Sequel"

Unread postby RadicalSatisfaction » April 3rd, 2010, 8:23 pm

Blade81,

I have been trying to finish the previous instructions since early this morning, but the online scan keeps sending an error message regarding a script on the page... this last time it went 3 hrs before i got the message & even after I tried to give it the OK to continue, it didn't do so... there is no report on the report tab to post to this topic. All the other logs are fine but I can't seem to get this one. Do you want me to post what I have? Please let me know...

Have a blessed Easter!

RadicalSatisfaction
RadicalSatisfaction
Active Member
 
Posts: 7
Joined: March 14th, 2010, 7:30 pm

Re: "Downloaded The Bill103 Virus: The Sequel"

Unread postby RadicalSatisfaction » April 4th, 2010, 1:33 am

Blade81,

I've tried to run Kaspersky 3 more times, it won't create a report or log file, although it seems the scan finishes & there are no viri or infected files (I made a .txt file of the error messages from Kaspersky & posted it here). I have also posted the other 3 requested logs... Here you go, all seems well. Thank you so very, very much for all your assistance in these frustrations of mine; you have all been an immense help! Let me know if there is anything else you would like me to do, otherwise God's blessings be with you...


ComboFix Log - 03.03.2010

ComboFix 10-04-03.01 - J. Anthony 04/03/2010 11:15:33.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.583 [GMT -7:00]
Running from: g:\fix facebook virus ii\ComboFix.exe
Command switches used :: c:\documents and settings\J. Anthony Hansen\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\J. Anthony Hansen\Application Data\uTorrent
c:\documents and settings\J. Anthony Hansen\Application Data\uTorrent\dht.dat
c:\documents and settings\J. Anthony Hansen\Application Data\uTorrent\dht.dat.old
c:\documents and settings\J. Anthony Hansen\Application Data\uTorrent\resume.dat
c:\documents and settings\J. Anthony Hansen\Application Data\uTorrent\resume.dat.old
c:\documents and settings\J. Anthony Hansen\Application Data\uTorrent\rss.dat
c:\documents and settings\J. Anthony Hansen\Application Data\uTorrent\rss.dat.old
c:\documents and settings\J. Anthony Hansen\Application Data\uTorrent\settings.dat
c:\documents and settings\J. Anthony Hansen\Application Data\uTorrent\settings.dat.old
c:\documents and settings\J. Anthony Hansen\Application Data\uTorrent\utorrent.lng
c:\windows\AppPatch\AcAdProc.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-04-02 15:54 . 2010-04-02 15:54 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-02 15:54 . 2010-04-02 15:54 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-31 07:09 . 2010-03-31 07:09 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-31 02:07 . 2010-03-31 02:07 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\AVG9
2010-03-18 21:12 . 2000-03-29 06:17 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-03-14 23:23 . 2010-03-14 23:23 -------- d-----w- c:\program files\Trend Micro
2010-03-14 22:36 . 2010-03-14 22:36 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\Malwarebytes
2010-03-14 22:36 . 2010-03-30 07:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 22:36 . 2010-03-31 07:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 22:36 . 2010-03-30 07:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 22:36 . 2010-03-14 22:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-14 22:30 . 2010-03-14 22:30 15470 ----a-w- C:\backup.reg
2010-03-12 16:53 . 2010-03-12 16:53 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-12 16:53 . 2010-03-12 16:53 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-12 16:53 . 2010-03-12 16:53 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-12 16:53 . 2010-03-12 16:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-11 05:05 . 2009-03-27 09:16 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-03-11 05:05 . 2010-03-11 05:05 -------- d-----w- c:\program files\CPUID
2010-03-05 02:42 . 2010-03-05 02:42 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Local Settings\Application Data\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 18:23 . 2010-01-27 06:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-29 00:02 . 2010-02-09 01:41 1892 ----a-w- c:\documents and settings\All Users\Application Data\xmlDD.tmp
2010-03-29 00:02 . 2010-02-09 01:41 13706 ----a-w- c:\documents and settings\All Users\Application Data\xmlDC.tmp
2010-03-29 00:02 . 2010-02-09 01:41 9036 ----a-w- c:\documents and settings\All Users\Application Data\xmlDB.tmp
2010-03-24 22:47 . 2010-01-28 03:19 -------- d-----w- c:\program files\Belkin Bulldog Plus
2010-03-12 16:53 . 2010-02-16 21:44 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 16:53 . 2010-02-16 21:43 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 16:52 . 2010-02-16 21:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-02 18:37 . 2010-01-30 05:01 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\Nero
2010-02-27 06:26 . 2010-01-28 02:04 -------- d-----w- c:\program files\E-Color
2010-02-25 06:24 . 2009-09-08 19:22 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-22 19:33 . 2010-01-27 22:23 -------- d-----w- c:\program files\QuickTime
2010-02-22 19:33 . 2010-01-27 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-02-20 03:47 . 2010-02-20 03:47 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\Creative
2010-02-20 03:36 . 2010-02-20 03:36 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-20 03:20 . 2010-01-25 03:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 03:20 . 2010-02-20 02:35 -------- d-----w- c:\program files\Creative
2010-02-20 03:11 . 2010-02-20 03:09 -------- d--h--w- c:\program files\Creative Installation Information
2010-02-20 03:09 . 2010-02-20 03:09 -------- d-----w- c:\program files\Common Files\Creative
2010-02-20 02:37 . 2010-02-20 02:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2010-02-20 02:30 . 2010-02-20 02:24 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\ID3-TagIT 3
2010-02-16 21:49 . 2010-02-16 21:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-16 21:43 . 2010-02-16 21:39 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-16 21:39 . 2010-02-16 21:39 -------- d-----w- c:\program files\AVG
2010-02-11 05:35 . 2010-01-29 03:49 180222 ----a-w- c:\windows\Morris Proctor Seminars Quick Files for Libronix Uninstaller.exe
2010-02-11 03:58 . 2010-02-11 03:58 -------- d-----r- c:\documents and settings\J. Anthony Hansen\Application Data\Brother
2010-02-09 18:26 . 2010-02-02 05:24 -------- d-----w- c:\documents and settings\J. Anthony Hansen\Application Data\Winamp
2010-02-09 18:12 . 2010-02-09 18:12 -------- d-----w- c:\program files\SoundSpectrum
2010-02-09 18:00 . 2010-02-02 05:24 -------- d-----w- c:\program files\Winamp
2010-02-03 09:20 . 2010-02-03 09:20 -------- d-----w- c:\program files\OO Software
2010-02-03 08:55 . 2010-02-03 08:55 -------- d-----w- c:\program files\Common Files\Diskeeper Corporation
2010-02-03 08:55 . 2010-02-03 08:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Diskeeper Corporation
2010-02-03 08:55 . 2010-02-03 08:55 -------- d-----w- c:\program files\Windows Home Server
2010-02-03 08:55 . 2010-02-03 08:55 -------- d-----w- c:\program files\Diskeeper Corporation
2010-02-02 21:55 . 2010-02-02 03:24 -------- d-----w- c:\program files\Hewlett-Packard
2010-02-02 05:18 . 2010-01-09 11:18 145608 ----a-w- c:\documents and settings\J. Anthony Hansen\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-02 05:14 . 2010-02-02 05:14 0 ----a-w- c:\documents and settings\All Users\Application Data\xmlE.tmp
2010-02-02 05:14 . 2010-02-02 05:14 0 ----a-w- c:\documents and settings\All Users\Application Data\xmlD.tmp
2010-02-02 05:14 . 2010-02-02 05:14 0 ----a-w- c:\documents and settings\All Users\Application Data\xmlC.tmp
2010-02-02 05:14 . 2010-02-02 05:14 0 ----a-w- c:\documents and settings\All Users\Application Data\xmlB.tmp
2010-01-29 03:56 . 2010-01-29 03:56 0 ----a-w- c:\windows\nsreg.dat
2010-01-28 02:03 . 2010-01-28 02:03 876803 ----a-w- c:\windows\system32\ASUS Features.scr
2010-01-27 22:55 . 2010-01-27 22:55 503808 ----a-w- c:\documents and settings\J. Anthony Hansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6c27d37e-n\msvcp71.dll
2010-01-27 22:55 . 2010-01-27 22:55 499712 ----a-w- c:\documents and settings\J. Anthony Hansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6c27d37e-n\jmc.dll
2010-01-27 22:55 . 2010-01-27 22:55 348160 ----a-w- c:\documents and settings\J. Anthony Hansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6c27d37e-n\msvcr71.dll
2010-01-27 22:55 . 2010-01-27 22:55 61440 ----a-w- c:\documents and settings\J. Anthony Hansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f37c637-n\decora-sse.dll
2010-01-27 22:55 . 2010-01-27 22:55 12800 ----a-w- c:\documents and settings\J. Anthony Hansen\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-3f37c637-n\decora-d3d.dll
2010-01-27 22:54 . 2010-01-27 22:54 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-27 22:23 . 2010-01-27 22:23 22486 ----a-r- c:\documents and settings\J. Anthony Hansen\Application Data\Microsoft\Installer\{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}\QuickTimeUninstaller_ico.exe
2010-01-27 22:23 . 2010-01-27 22:23 22486 ----a-r- c:\documents and settings\J. Anthony Hansen\Application Data\Microsoft\Installer\{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}\QuickTimePlayer_ico.exe
2010-01-27 22:23 . 2010-01-27 22:23 22486 ----a-r- c:\documents and settings\J. Anthony Hansen\Application Data\Microsoft\Installer\{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}\PictureViewer_ico.exe
2010-01-27 22:23 . 2010-01-27 22:23 22486 ----a-r- c:\documents and settings\J. Anthony Hansen\Application Data\Microsoft\Installer\{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}\ARPPRODUCTICON.exe
2010-01-25 03:36 . 2010-01-25 03:24 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-09 11:18 . 2010-01-09 11:04 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-09 11:02 . 2010-01-09 11:02 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2008-04-14 12:00 . 2008-04-14 12:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 12:00 . 2008-04-14 12:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 12:00 . 2008-04-14 12:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 12:00 . 2008-04-14 12:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 12:00 . 2008-04-14 12:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 12:00 . 2008-04-14 12:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:00 . 2008-04-14 12:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 12:00 . 2008-04-14 12:00 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-03-31_06.17.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-20 03:37 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2010-02-20 03:37 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2009-03-08 12:31 . 2010-02-25 06:24 55296 c:\windows\system32\msfeedsbs.dll
- 2009-03-08 12:31 . 2009-12-21 19:14 55296 c:\windows\system32\msfeedsbs.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 25600 c:\windows\system32\jsproxy.dll
- 2010-01-09 11:25 . 2009-12-21 19:14 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-01-09 11:25 . 2010-02-25 06:24 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-01-09 11:25 . 2010-02-25 06:24 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2010-01-09 11:25 . 2009-12-21 19:14 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-04-01 02:22 . 2009-12-21 19:14 12800 c:\windows\ie8updates\KB980182-IE8\xpshims.dll
+ 2010-04-01 02:22 . 2009-12-21 19:14 55296 c:\windows\ie8updates\KB980182-IE8\msfeedsbs.dll
+ 2010-04-01 02:22 . 2009-12-21 19:14 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 206848 c:\windows\system32\occache.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
- 2008-04-14 12:00 . 2009-03-08 12:32 611840 c:\windows\system32\mstime.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
- 2009-03-08 12:32 . 2009-12-21 19:14 594432 c:\windows\system32\msfeeds.dll
+ 2009-03-08 12:32 . 2010-02-25 06:24 594432 c:\windows\system32\msfeeds.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 184320 c:\windows\system32\iepeers.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
+ 2008-04-14 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
- 2008-04-14 12:00 . 2009-12-21 13:19 173056 c:\windows\system32\ie4uinit.exe
+ 2009-09-08 19:22 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
- 2009-09-08 19:22 . 2009-12-21 19:14 916480 c:\windows\system32\dllcache\wininet.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
- 2008-04-14 12:00 . 2009-03-08 12:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-01-09 11:25 . 2010-02-25 06:24 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2010-01-09 11:25 . 2009-12-21 19:14 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-01-09 11:25 . 2010-02-25 06:24 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
- 2008-04-14 12:00 . 2009-12-21 19:14 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-04-14 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-04-14 12:00 . 2009-12-21 13:19 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-01 02:22 . 2009-12-21 19:14 916480 c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-04-01 02:22 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-04-01 02:22 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-04-01 02:22 . 2009-12-21 19:14 206848 c:\windows\ie8updates\KB980182-IE8\occache.dll
+ 2010-04-01 02:22 . 2009-03-08 12:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-04-01 02:22 . 2009-12-21 19:14 594432 c:\windows\ie8updates\KB980182-IE8\msfeeds.dll
+ 2010-04-01 02:22 . 2009-12-21 19:14 246272 c:\windows\ie8updates\KB980182-IE8\ieproxy.dll
+ 2010-04-01 02:22 . 2009-12-21 19:14 184320 c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-04-01 02:22 . 2009-12-21 19:14 387584 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
+ 2010-04-01 02:22 . 2009-12-21 13:19 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2009-09-08 19:22 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
+ 2009-09-08 19:22 . 2010-02-25 06:24 5944832 c:\windows\system32\mshtml.dll
+ 2009-03-08 12:32 . 2010-02-25 06:24 1985536 c:\windows\system32\iertutil.dll
- 2009-03-08 12:32 . 2009-12-21 19:14 1985536 c:\windows\system32\iertutil.dll
+ 2009-09-08 19:22 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2009-09-08 19:22 . 2010-02-25 06:24 5944832 c:\windows\system32\dllcache\mshtml.dll
+ 2010-01-09 11:25 . 2010-02-25 06:24 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2010-01-09 11:25 . 2009-12-21 19:14 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-04-01 02:22 . 2009-12-21 19:14 1208832 c:\windows\ie8updates\KB980182-IE8\urlmon.dll
+ 2010-04-01 02:22 . 2009-12-21 19:14 5942784 c:\windows\ie8updates\KB980182-IE8\mshtml.dll
+ 2010-04-01 02:22 . 2009-12-21 19:14 1985536 c:\windows\ie8updates\KB980182-IE8\iertutil.dll
+ 2009-03-08 12:39 . 2010-02-25 18:54 11070976 c:\windows\system32\ieframe.dll
+ 2010-01-09 11:25 . 2010-02-25 18:54 11070976 c:\windows\system32\dllcache\ieframe.dll
+ 2010-04-01 02:22 . 2009-12-21 19:14 11070464 c:\windows\ie8updates\KB980182-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 21:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Directory Opus Desktop Dblclk"="c:\program files\GPSoftware\Directory Opus\dopusrt.exe" [2009-06-11 271856]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-06-12 700416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-02 5562368]
"nwiz"="nwiz.exe" [2005-04-02 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-02 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"imekrmig7.0"="c:\program files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE" [2007-04-19 25440]
"IMSCMig"="c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE" [2007-04-03 17248]
"CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-23 66400]
"PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-23 98656]
"IMJPMIG9.0"="c:\progra~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE" [2007-04-19 125792]
"Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
"PDFHook"="c:\program files\Nuance\PDF Create 5\pdfcreate5hook.exe" [2009-04-10 1277952]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Create 5\RegistryController.exe" [2008-12-13 58656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-05-10 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-05-10 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"SoundMan"="SOUNDMAN.EXE" [2002-08-15 46592]
"UPS-Status"="c:\program files\Belkin Bulldog Plus\UPS-Status.exe" [2006-11-15 69632]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-12-16 39424]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2009-09-12 2524416]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-02-16 417792]

c:\documents and settings\J. Anthony Hansen\Start Menu\Programs\Startup\
Directory Opus.lnk - c:\program files\GPSoftware\Directory Opus\dopus.exe [2010-2-1 7273968]
Dragon NaturallySpeaking.lnk - c:\program files\Nuance\NaturallySpeaking10\Program\natspeak.exe [2009-3-16 2835816]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]
SATARaid.lnk - c:\program files\Silicon Image\SiISATARaid\SATARaid.exe [2010-1-27 598069]
True Internet Color Icon.lnk - c:\program files\E-Color\True Internet Color\TICIcon.exe [2010-1-27 221184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"= "c:\program files\GPSoftware\Directory Opus\dopuslib.dll" [2009-06-11 834032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-12 16:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0autocheck OODBS\0OODBS

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2010\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2010\\WNt500x86\\sandra.mui"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Business 2010\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2020:UDP"= 2020:UDP:Windows Media Format SDK (iexplore.exe)
"2021:UDP"= 2021:UDP:Windows Media Format SDK (iexplore.exe)
"8085:TCP"= 8085:TCP:OKOToGate

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [1/27/2010 6:49 PM 84529]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/24/2010 8:24 PM 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/16/2010 2:43 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/16/2010 2:44 PM 242696]
R2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [1/28/2010 1:06 AM 57344]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/12/2010 9:52 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/12/2010 9:53 AM 308064]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2/3/2010 1:55 AM 41120]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Business 2010\RpcAgentSrv.exe [2/1/2010 10:12 PM 93336]
.
Contents of the 'Scheduled Tasks' folder

2010-02-02 c:\windows\Tasks\1 Copernic Intra-Daily ~BUSINESS1 J Anthony Hansen.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\2 Copernic Daily ~BUSINESS1 J Anthony Hansen.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\3 Copernic Weekly ~BUSINESS1 J Anthony Hansen.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2010-02-02 03:16]

2010-02-02 c:\windows\Tasks\4 Copernic Monthly ~BUSINESS1 J Anthony Hansen.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2010-02-02 03:16]

2010-03-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
.
------- Supplementary Scan -------
.
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Create 5\Bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL
FF - ProfilePath - c:\documents and settings\J. Anthony Hansen\Application Data\Mozilla\Firefox\Profiles\qb9fynsd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-03 11:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8676C1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7892f28
\Driver\ACPI -> ACPI.sys @ 0xf76dacb8
\Driver\atapi -> atapi.sys @ 0xf766fb40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: 3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C -> SendCompleteHandler -> NDIS.sys @ 0xf753db0a
PacketIndicateHandler -> NDIS.sys @ 0xf7548a21
SendHandler -> NDIS.sys @ 0xf753d949
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,12,31,25,a7,84,d0,40,9e,48,b4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f6,12,31,25,a7,84,d0,40,9e,48,b4,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="F5941F57B699619505531C3FD6DCB4B221EC126648C8C632C99B27E792C7D66DACA42B74C4C1EE703617DE788E48743A3EDACEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA6A0AC4980AC7933A9C6AECB7A5D1407FCDCE23BB4CC8A2DAADBFC31EB10D61AC5E82FA3B90DD84AB52599A9671C519B0320244FF94014857471292773CB12F207E961687099B82F28D72D270DD01B5E49CAAD149F3CF10A3DF91ECD3E33E438EEB010479B0CA91BDA4C71352CA5EF456149D9959FFB9AF8ECE434BCA9D0D1025ACBB3FE9ADEDB1D3D52165C48264AF672CBB745C4BAF6337CE2F86EE6B05088B60BF53426917369D4FC83083F621E42B3C50B782EB8E6BFF968ACC079E4492C0906B16CC4258758B9A253893DEC4E1873F04C69D1BB3AC709AEC3F5BB041E706717FA9456A124661860D393C5DE358B13C7A634758CB89ADE33673459A7227A7DDC967A8A90C9B130948841B0529ED7088BF9DAB5761B28C537730753EB99970A38FC536A02EC7ED561A70C2869CBD8DAC0D843024B10071DBF77DCFE7442B4E1CF5DB5CC08F4B6712F9A572A44728E282E8AB59E5F3A7255953906056649E46A0F181DE0B8BDE3002801E58A8DBB9F24E08BE1A30BAEC5F545B13A616AD3DF20A1C3E7282E9837913CADDF6FEFC4D390A88BD5FA2B778599A18C95E5AD778012FA295B788948044A1F2652541A1D98C81A6D09E52114D6EC3FA91336E3BE45E3D1451EFB6A84C2E246A62D86414BFDB88CC8D5F7D07481B4F69F184C422A514C204ABA2F7AFA0F26EC1CC42B1DC73AE31D69F699A27F7644E535E87301AA6B16A21EA1E4624AA775932952B66700A4DCABCE900603104688EDE6B14E5F2A7E22DDD927C2D086F2457D2471F4E0D3BBCE5C2CA6CBE472A6FD33E67FCF9D01196295CB00C2F838F69DB098A284CD9A1F7617E9225039EA71371F18C54382006E5D55F349B2125B601AF8C44BD8751A14A587A250CA7C2D25DBDE935AC2D7E8D630EB09023355DFFEECE49A32B7A29204411FA564C7A8E463A46426773F6A734A0A69738EBB02AA465848C1843DA6B27C4190F672263F2F7160634F3C008BCA692D25523415DB124F35BA93D3D654202C34D5CE7419C41E3AF1D6C52A1C918DF7F03AF521DCA7E2D370169F12C78275E9BBA897C6AAC2394BCEF96F287FD6CEDA4184E3E184325D35887AA61A260DBD2D8C8BF12C34C47857014F6A006C38969E1D29D66CD348B57715C921A75ED4F9947042AFC966DACB32281B8661F6175EF1178BB91762BC13C23B2C38D8AD3D21604353DAA7C41C13D77568C85E875A16A558D6329C1F671261380E4C35A7AC9A73F70DAC34289FA5642F81E96C5C6AA0B31A79129CCBA243455D1CED2433"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1104)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\GPSoftware\Directory Opus\dopushlp.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\OO Software\Defrag\oodag.exe
c:\program files\Belkin Bulldog Plus\UPS-Service.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-03 11:27:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-03 18:27
ComboFix2.txt 2010-03-31 06:20

Pre-Run: 77,666,955,264 bytes free
Post-Run: 77,627,387,904 bytes free

- - End Of File - - 262C6D387E5395081C48A56D745EBB35


Kaspersky Error Log - 03.03.2010

At 39% complete Kaspersky displayed the following:

A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

Script: http://www.kaspersky.com/kos/eng/partne ... ipt.js:225


At 60% complete Kaspersky displayed the following:

A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

Script: http://www.kaspersky.com/kos/eng/partne ... ipt.js:123


DDS Log - 03.03.2010


DDS (Ver_10-03-17.01) - NTFSx86
Run by J. Anthony at 22:13:16.37 on Sat 04/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1024.606 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\DOCUME~1\J6884~1.ANT\LOCALS~1\TEMP\DTEMP-47BFE683387046-60.DOP\PROCEXP.EXE
svchost.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Belkin Bulldog Plus\UPS-Service.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\J. Anthony Hansen\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: N/A: {be89472c-b803-4d1d-9a9a-0a63660e0fe3} - c:\progra~1\copern~1\COPERN~1.DLL
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: Copernic Agent: {f2e259e8-0fc8-438c-a6e0-342dd80fa53e} - c:\progra~1\copern~1\COPERN~1.DLL
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Directory Opus Desktop Dblclk] "c:\program files\gpsoftware\directory opus\dopusrt.exe" /dblclk
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [imekrmig7.0] "c:\program files\common files\microsoft shared\ime\imkr7\IMEKRMIG.EXE"
mRun: [IMSCMig] c:\progra~1\common~1\micros~1\ime\imsc40a\IMSCMIG.EXE /Preload
mRun: [CJIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\changjie\CINTLCFG.EXE /CJIMETIPSync
mRun: [PHIMETIPSYNC] c:\program files\common files\microsoft shared\ime\imtc65\phonetic\TINTLCFG.EXE /PHIMETIPSync
mRun: [IMJPMIG9.0] c:\progra~1\common~1\micros~1\ime\imjp9\IMJPMIG.EXE /Preload /Migration32
mRun: [Nuance OmniPage 17-reminder] "c:\program files\nuance\omnipage17\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\omnipage 17\ereg\Ereg.ini"
mRun: [PDFHook] c:\program files\nuance\pdf create 5\pdfcreate5hook.exe
mRun: [PDF5 Registry Controller] c:\program files\nuance\pdf create 5\RegistryController.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [UPS-Status] c:\program files\belkin bulldog plus\UPS-Status.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [OODefragTray] c:\program files\oo software\defrag\oodtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\j6884~1.ant\startm~1\programs\startup\direct~1.lnk - c:\program files\gpsoftware\directory opus\dopus.exe
StartupFolder: c:\docume~1\j6884~1.ant\startm~1\programs\startup\dragon~1.lnk - c:\program files\nuance\naturallyspeaking10\program\natspeak.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office11\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sataraid.lnk - c:\program files\silicon image\siisataraid\SATARaid.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\truein~1.lnk - c:\program files\e-color\true internet color\TICIcon.exe
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf create 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\copern~1\COPERN~1.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDow ... ab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\copern~1\COPERN~1.DLL
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - c:\program files\gpsoftware\directory opus\dopuslib.dll
IFEO: taskmgr.exe - "c:\docume~1\j6884~1.ant\locals~1\temp\dtemp-47bfe683387046-60.dop\PROCEXP.EXE"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\j6884~1.ant\applic~1\mozilla\firefox\profiles\qb9fynsd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/sear ... -web_us&p=
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\Si3112r.sys [2010-1-27 84529]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-16 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-16 29512]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-16 242696]
R2 Ast Service;Ast Service;c:\windows\system32\AstSrv.exe [2010-1-28 57344]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-3-12 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-3-10 12672]
S3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-2-3 41120]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business 2010\RpcAgentSrv.exe [2010-2-1 93336]

============== File Associations ===============

.txt=Text

=============== Created Last 30 ================

2010-04-03 19:08:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-04-03 19:07:20 0 d-----w- c:\windows\system32\appmgmt
2010-03-31 06:07:29 0 d-sha-r- C:\cmdcons
2010-03-31 04:45:54 98816 ----a-w- c:\windows\sed.exe
2010-03-31 04:45:54 77312 ----a-w- c:\windows\MBR.exe
2010-03-31 04:45:54 261632 ----a-w- c:\windows\PEV.exe
2010-03-31 04:45:54 161792 ----a-w- c:\windows\SWREG.exe
2010-03-31 02:07:09 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\AVG9
2010-03-18 21:12:24 5824 ----a-w- c:\windows\system32\drivers\ASUSHWIO.SYS
2010-03-14 23:23:19 0 d-----w- c:\program files\Trend Micro
2010-03-14 22:36:10 0 d-----w- c:\docume~1\j6884~1.ant\applic~1\Malwarebytes
2010-03-14 22:36:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 22:36:04 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 22:36:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-14 22:36:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-14 22:30:05 15470 ----a-w- C:\backup.reg
2010-03-12 16:53:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-11 05:05:31 12672 ----a-w- c:\windows\system32\drivers\cpuz132_x32.sys
2010-03-11 05:05:30 0 d-----w- c:\program files\CPUID

==================== Find3M ====================

2010-04-03 19:08:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-12 16:53:10 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-12 16:52:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\wininet.dll
2010-02-11 05:35:32 180222 ----a-w- c:\windows\Morris Proctor Seminars Quick Files for Libronix Uninstaller.exe
2010-01-28 02:03:32 876803 ----a-w- c:\windows\system32\ASUS Features.scr
2010-01-09 11:02:08 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2008-04-14 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 12:00:00 50688 --sh--w- c:\windows\twain_32.dll
2008-04-14 12:00:00 1028096 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 12:00:00 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 12:00:00 413696 --sh--w- c:\windows\system32\msvcp60.dll
2008-04-14 12:00:00 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 12:00:00 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 12:00:00 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 22:13:38.87 ===============


Attach Log - 03.03.2010


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/9/2010 3:08:20 AM
System Uptime: 4/3/2010 7:14:42 PM (3 hours ago)

Motherboard: ASUSTeK Computer INC. | | P4G8X
Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | PGA 478 | 2533/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 72.158 GiB free.
G: is Removable
Y: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP136: 3/31/2010 12:08:33 AM - Avg Update
RP137: 3/31/2010 7:21:55 PM - Software Distribution Service 3.0
RP138: 4/1/2010 8:22:03 PM - System Checkpoint
RP139: 4/2/2010 8:54:58 AM - Avg Update
RP140: 4/2/2010 8:56:54 AM - Avg Update
RP141: 4/3/2010 10:33:45 AM - System Checkpoint
RP142: 4/3/2010 12:07:05 PM - Removed Java(TM) 6 Update 18
RP143: 4/3/2010 12:08:03 PM - Installed Java(TM) 6 Update 19

==== Installed Programs ======================

ACDSee
ACT!
Adobe Audition 3.0
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Advertising Center
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
ASCOM Platform 4.1
ASUS Features
ASUS Probe V2.19.00
AsusUpdate
Avance AC'97 Audio
AVG Free 9.0
Batch Update
Belkin Bulldog Plus
Bible Data Type System Files
Brother HL-5040
C-Dilla Licence Management System
CFA's DizNfo
ClassicPro© v1.14
Clause Visualizer
Common System Files
Copernic Agent Professional
Corel Applications
CPUID CPU-Z 1.53.1
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN Vision M Series
DFX for Winamp
Diskeeper 2010 Pro Premier
DolbyFiles
Dragon NaturallySpeaking 10
GPSoftware Directory Opus
Graphical Query Editor
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Photo Printing Software
HP Precisionscan Pro 3.1
ID3-TagIT 3
ImagXpress
Intel Application Accelerator
Java Auto Updater
Java(TM) 6 Update 19
Learning Essentials for Microsoft Office
Lernout & Hauspie TruVoice American English TTS Engine
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
Libronix Update
LLS Resource Driver
Malwarebytes' Anti-Malware
Menu Templates - Starter Kit
MetaStock 11.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Math
Microsoft Office 2003 Proofing Tools
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Student 2007 for Learning Essentials
Microsoft Student with Encarta Premium 2009
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Morris Proctor Seminars Quick Files for Libronix
Movie Templates - Starter Kit
Mozilla Firefox (3.6.3)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
Nero 9 Trial
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero DiscSpeed
Nero DriveSpeed
Nero InfoTool
Nero Installer
Nero Live
Nero PhotoSnap
Nero Recode
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero Vision
Nero WaveEditor
NeroBurningROM
NeroExpress
NeroLiveGadget
neroxml
NetObjects Fusion 5.0
Nuance OmniPage 17
Nuance PDF Create! 5
NVIDIA Drivers
O&O Defrag Professional
OEB Resource Driver
Oxford English Dictionary
PDF Resource Driver
Quicken 2010
QuickTime
SATARaid
ScanSoft PaperPort 11
Scansoft PDF Create
Scripture Memory System
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Sentence Diagramming
SiSoftware Sandra Professional Business 2010
Snagit 9.1.2
SoundTrax
Spelling Dictionaries Support For Adobe Reader 9
Starry Night Pro Plus 6
System Requirements Lab
TreeSize Professional 5.3.1
True Internet Color
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB973687)
UPS Power Management for Windows 2000
Video Resource Driver
Visual C++ Runtime for Dragon NaturallySpeaking
Voice Editor
WebFldrs XP
WhiteCap
Winamp
Winamp Application Detect
Winamp Essentials Pack
Winamp Remote
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinZip 14.0
Z 39.50 Library
ZENcast Organizer

==== Event Viewer Messages From Past Week ========

3/30/2010 9:40:42 PM, error: Service Control Manager [7034] - The O&O Defrag service terminated unexpectedly. It has done this 1 time(s).
3/30/2010 9:40:35 PM, error: Service Control Manager [7034] - The UPS - UPSentry Service service terminated unexpectedly. It has done this 1 time(s).
3/30/2010 9:40:29 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 2 time(s).
3/30/2010 7:40:07 AM, error: PlugPlayManager [12] - The device 'Maxtor 4G120J6' (IDE\DiskMaxtor_4G120J6__________________________GAK819K0\5&e088e23&0&0.0.0) disappeared from the system without first being prepared for removal.
3/30/2010 7:40:06 AM, error: IdeChnDr [9] - The device, \Device\Ide\IdeDeviceP1T0L0, did not respond within the timeout period.
3/30/2010 11:29:35 AM, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
3/30/2010 11:29:29 AM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
3/30/2010 11:29:24 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
3/30/2010 11:29:21 AM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
3/30/2010 11:11:39 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
3/30/2010 11:07:13 PM, error: Service Control Manager [7034] - The C-DillaSrv service terminated unexpectedly. It has done this 1 time(s).
3/29/2010 12:13:40 PM, error: Service Control Manager [7031] - The Mass Driver Sentinel Service Call Browser Device Packet service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

==== End Of File ===========================
RadicalSatisfaction
Active Member
 
Posts: 7
Joined: March 14th, 2010, 7:30 pm

Re: "Downloaded The Bill103 Virus: The Sequel"

Unread postby Blade81 » April 4th, 2010, 7:16 am

Hi,

If the final results of Kaspersky came back clean then it should be ok. If there're no other issues left then it's time for the final steps :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis



Now lets uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the
    Begin cleanup Process?
    prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of windows has a hosts file as part of them.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  • Run Secunia vulnerability check here and fix its findings.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation Install Comodo HopSurf.., Make Comodo my default search provider and Make Comodo Search my homepage and install firewall ONLY!). Both providers have support forums that help with configuration related questions.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade 8)
User avatar
Blade81
Admin/Teacher
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: "Downloaded The Bill103 Virus: The Sequel"

Unread postby NonSuch » April 8th, 2010, 2:22 am

As this issue appears to be resolved, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 298 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware