MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

slow computer, credit card# stolen, FB ID taken.

Unread postby Mossydog » March 10th, 2011, 12:53 am

Hi, I am hoping that someone can take a look at my HijackThis log and tell me what is going on with this computer, and tell me what other software I should use to scan for malware.

Last week my husband said that he had to reboot about 3 times before he could log onto the computer, and it was acting weird. Then I get a call that my credit card number was used in the UK, then Facebook won't let me on and says that my account was used in Rochester NY. Then when I tried to check into my bank account I had to go through their identity check. So I updated all of my anti-spyware, anti-malware programs and anything else I could think of. Did several scans and yes things were found and removed. Then updated again and ran more scans, even an online Trend Micro scan and so far everything has come back clean. BUT... this computer is still acting slow, startup is taking forever, Opera keeps having a dll file missing and for a while so did AVG. Also keeps freezing up for no reason.
Thanks for any help you can give, Mossydog

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:25:35 PM, on 3/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\OEM13Mon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\The Moss Family\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://g.msn.com/USSMB/1
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {9FB232C5-6909-4F81-99B4-BAB4998940F2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Agatha%20Christie%20Mystery%20Pack/Images/stg_drm.ocx
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Agatha%20Christie%20Mystery%20Pack/Images/armhelper.ocx
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: O2FLASH - O2Micro International - C:\WINDOWS\system32\DRIVERS\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe

--
End of file - 15816 bytes
Mossydog
Regular Member
 
Posts: 32
Joined: January 12th, 2005, 12:42 pm
Location: Seattle
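The HijackThis log above is the kind of thing the helpers on this forum read by hand, section by section. As an added illustration, and not code from the thread or from HijackThis itself, here is a small Python parser that splits a log into its R/O entries and pulls out the items a helper checks first: the IE start and search page URLs (R0/R1), services whose binary is gone (the "(file missing)" marker, as on the Norton entry), O16 ActiveX controls loaded from a file:// path, and a COM object registered under several roles at once (search hook, BHO and toolbar). The sample log embedded in it is a constructed excerpt modelled on lines from the thread, not the full log; the entry types and the "(file missing)" marker are HijackThis conventions, while the grouping and its labels are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a short excerpt in HijackThis v2 format, modelled on the
# entry types seen in the thread's log (header and process lines are skipped).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O2 - BHO: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Agatha%20Christie%20Mystery%20Pack/Images/stg_drm.ocx
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
"""

# Every HijackThis entry starts with its type (R0, O2, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<type>[RFO]\d+) - (?P<body>.+)$")
# A COM CLSID in braces: 32 hex digits plus 4 hyphens.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def _extract_path(etype, body):
    """Best-effort file path (or URL for O16) of an entry; None for R0/R1 lines."""
    if etype in ("R0", "R1"):
        return None
    if etype == "O4":
        # O4 - HKLM\..\Run: [Name] C:\path\prog.exe optional-args
        m = re.match(r".*?\] (.+)$", body)
        return m.group(1) if m else None
    # O2/O3/O16/O23 and R3 put the path in the last " - " separated field.
    parts = body.split(" - ")
    if len(parts) < 2:
        return None
    return parts[-1].replace(" (file missing)", "").strip()


def parse_hjt(text):
    """Return one dict per R*/F*/O* entry of a HijackThis log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank or "Running processes" lines
        etype, body = m.group("type"), m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "type": etype,
            "body": body,
            "clsid": clsid.group(0).lower() if clsid else None,
            "path": _extract_path(etype, body),
            # R0/R1 lines read "<registry value> = <url>"
            "url": body.split(" = ", 1)[1] if etype in ("R0", "R1") and " = " in body else None,
            "file_missing": body.endswith("(file missing)"),
        })
    return entries


def triage(entries):
    """Group the entries into the things a volunteer helper looks at first."""
    roles_by_clsid = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            roles_by_clsid[e["clsid"]].add(e["type"])
    return {
        # how many entries of each type: a quick feel for how much is loaded into IE
        "counts": dict(Counter(e["type"] for e in entries)),
        # IE start/search page values, to compare with what the user expects
        "ie_urls": [e["url"] for e in entries if e["url"]],
        # services whose binary no longer exists (leftover of an uninstalled product)
        "file_missing": [e["path"] for e in entries if e["file_missing"]],
        # O16 ActiveX controls sourced from the local disk instead of a web host
        "local_dpf": [e["path"] for e in entries
                      if e["type"] == "O16" and (e["path"] or "").startswith("file:")],
        # one COM object registered as search hook, BHO and toolbar at the same time
        "multi_role_clsids": {c: sorted(r) for c, r in roles_by_clsid.items() if len(r) > 1},
    }


if __name__ == "__main__":
    for key, value in triage(parse_hjt(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it on a saved log with `parse_hjt(open("hijackthis.log").read())`; the output is a starting point for a manual review, not a verdict, since each flagged item (a stale Norton service, a game's DRM control, a toolbar with three roles) can be entirely legitimate, as they are in this thread.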

Re: slow computer, credit card# stolen, FB ID taken.

Unread postby Dakeyras » March 10th, 2011, 7:30 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:


  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Safety Advice:

A most unfortunate series of events you have described and you have my utmost sympathy. Since you do use online banking with the PC, or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation if you have not done so.

Also be prepared as ultimately I may have to advise a reformat and reinstallation of the Windows Operating System.

Next:

You mentioned you ran several scans with the Security software installed... It would be advantageous for myself if I can review the aforementioned scan results (logs) that removed the initial infections, if still available. If in the event they are not, merely inform myself and we will go from there, thank you.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: slow computer, credit card# stolen, FB ID taken.

Unread postby Mossydog » March 10th, 2011, 2:13 pm

Hi Dakeyras,
thanks for getting back to me so quickly. Changing my passwords was one of the first things I did. I have MS and can't hold onto a pen very well to write checks, so I just started using online banking in the past year. So this invasion makes me very cranky.
The programs that I had updated and run were Malwarebytes, SUPERAntiSpyware, AVG Anti-Virus, and then the online scan at Trend Micro. I also ran Spybot S&D but it didn't find anything. Below are the log files for those scans that did find problems. I ran them again after they cleaned up the computer and all said that nothing was found.

Malwarebytes Scan results ...

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 5935

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/2/2011 12:33:08 PM
mbam-log-2011-03-02 (12-33-08).txt

Scan type: Full scan (C:\|)
Objects scanned: 342392
Time elapsed: 1 hour(s), 20 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here are the SUPERAntiSpyware scan results...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/02/2011 at 02:07 PM

Application Version : 4.49.1000

Core Rules Database Version : 6516
Trace Rules Database Version: 4328

Scan type : Complete Scan
Total Scan Time : 01:24:45

Memory items scanned : 659
Memory threats detected : 0
Registry items scanned : 7070
Registry threats detected : 0
File items scanned : 169071
File threats detected : 9

Adware.Tracking Cookie
a.ads2.msads.net [ C:\Documents and Settings\The Moss Family\Application Data\Macromedia\Flash Player\#SharedObjects\HDXRTM3M ]
accounts.key.com [ C:\Documents and Settings\The Moss Family\Application Data\Macromedia\Flash Player\#SharedObjects\HDXRTM3M ]
ads2.msads.net [ C:\Documents and Settings\The Moss Family\Application Data\Macromedia\Flash Player\#SharedObjects\HDXRTM3M ]
b.ads2.msads.net [ C:\Documents and Settings\The Moss Family\Application Data\Macromedia\Flash Player\#SharedObjects\HDXRTM3M ]
ia.media-imdb.com [ C:\Documents and Settings\The Moss Family\Application Data\Macromedia\Flash Player\#SharedObjects\HDXRTM3M ]
msnbcmedia.msn.com [ C:\Documents and Settings\The Moss Family\Application Data\Macromedia\Flash Player\#SharedObjects\HDXRTM3M ]
secure-us.imrworldwide.com [ C:\Documents and Settings\The Moss Family\Application Data\Macromedia\Flash Player\#SharedObjects\HDXRTM3M ]

Trojan.Agent/Gen-Krpytik
C:\DOCUMENTS AND SETTINGS\THE MOSS FAMILY\DESKTOP\BLACK HD STUFF TO GO THRU TO DELETE\ANGELA\WINEM\BACKUP\WEMCB632.DLL

Trojan.Agent/Gen-FakeAlert[RnGlobal]


Here are the AVG Anti-Virus scan results...

"";"C:\Documents and Settings\The Moss Family\Cookies\the_moss_family@revsci[1].txt:\revsci.net.feeeeb46";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Cookies\the_moss_family@revsci[1].txt:\revsci.net.8642c85d";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Cookies\the_moss_family@revsci[1].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Cookies\the_moss_family@revsci[1].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Cookies\the_moss_family@revsci[1].txt:\revsci.net.18a1d1b2";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Cookies\the_moss_family@revsci[1].txt";"Found Tracking cookie.Revsci";"Healed"

C:\PROGRAM FILES\OPERA\OPERA.DLL

Here is the AVG Anti-Virus scan from last night. It seems to find a bunch of tracking cookies.

"";"C:\Documents and Settings\The Moss Family\Cookies\the_moss_family@revsci[1].txt:\revsci.net.50e13b1b";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Cookies\the_moss_family@revsci[1].txt:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Cookies\the_moss_family@revsci[1].txt:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Cookies\the_moss_family@revsci[1].txt";"Found Tracking cookie.Revsci";"Healed"
"";"C:\Documents and Settings\The Moss Family\Cookies\the_moss_family@liveperson[1].txt:\liveperson.net.8db0737c";"Found Tracking cookie.Liveperson";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Cookies\the_moss_family@liveperson[1].txt";"Found Tracking cookie.Liveperson";"Healed"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\zedo.com.f462b69f";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\zedo.com.f1d14556";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\zedo.com.ce59db3e";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\zedo.com.c1dd09f2";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\zedo.com.a5b6a132";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\zedo.com.27f1639b";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\zedo.com.14a38114";"Found Tracking cookie.Zedo";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\tribalfusion.com.dcc03271";"Found Tracking cookie.Tribalfusion";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\trafficmp.com.ffee88b3";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\trafficmp.com.f3e5803e";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\trafficmp.com.a00e30b4";"Found Tracking cookie.Trafficmp";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\revsci.net.cf106baa";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\revsci.net.50e13b1b";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\revsci.net.44927ec";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\revsci.net.2df99d79";"Found Tracking cookie.Revsci";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\pointroll.com.f2d5a6f6";"Found Tracking cookie.Pointroll";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\pointroll.com.72c0abc9";"Found Tracking cookie.Pointroll";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\liveperson.net.8db0737c";"Found Tracking cookie.Liveperson";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\liveperson.net.8db0737c";"Found Tracking cookie.Liveperson";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\fastclick.net.c38980e4";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\fastclick.net.94ca190b";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\fastclick.net.8a6435e9";"Found Tracking cookie.Fastclick";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\casalemedia.com.987e6b46";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\casalemedia.com.8c65eddd";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\casalemedia.com.80ad4799";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\casalemedia.com.650648e8";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\casalemedia.com.350339d4";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\casalemedia.com.2d37ad26";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\casalemedia.com.1773afc";"Found Tracking cookie.Casalemedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\advertising.com.f62113d5";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\advertising.com.b624fa46";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\advertising.com.525a5fb9";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\advertising.com.203aa218";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\advertising.com.1820df7a";"Found Tracking cookie.Advertising";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\ad.yieldmanager.com.e626e6be";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\ad.yieldmanager.com.b68f2b7b";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\ad.yieldmanager.com.557bf2b0";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\ad.yieldmanager.com.539b0606";"Found Tracking cookie.Yieldmanager";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\2o7.net.421018d1";"Found Tracking cookie.2o7";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat:\247realmedia.com.855b46d";"Found Tracking cookie.247realmedia";"Moved to Virus Vault"
"";"C:\Documents and Settings\The Moss Family\Application Data\Opera\Opera\cookies4.dat";"Found Tracking cookie.247realmedia";"Healed"
Mossydog
Regular Member
Posts: 32
Joined: January 12th, 2005, 12:42 pm
Location: Seattle

Re: slow computer, credit card# stolen, FB ID taken.

Unread postby Dakeyras » March 10th, 2011, 9:51 pm

Hi. :)

Mossydog wrote: thanks for getting back to me so quickly
You're welcome, and thanks for the update. Let's proceed as follows, shall we?

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Double-click on SecurityCheck.exe, then follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically.
  • Please post the contents of that document in your next reply.

Scan with DDS:

Please download DDS and save it to your Desktop from here.

Alternate downloads are here or here.

  • Disable any script blocker, and then double-click on DDS to run the tool.
  • When done, DDS will open two logs:
      • DDS.txt <-- will be opened
      • Attach.txt <-- will be minimised
  • Save both reports to your desktop.
  • Please post the contents of these two Notepad files in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now? Any further symptoms and/or problems encountered?
  • SecurityCheck log.
  • Both DDS logs. <-- Post them individually please, i.e. one log per post/reply.
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: slow computer, credit card# stolen, FB ID taken.

Unread postby Mossydog » March 11th, 2011, 5:09 pm

Hi Dakeyras,
Well, the computer seems to be acting okay, although IE8 has frozen a few times for no apparent reason, so I am using Opera.
This post contains the log file for the Security Application Check.

Results of screen317's Security Check version 0.99.9
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
AVG 2011
ZoneAlarm
ZoneAlarm Toolbar
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

WinPatrol 2009
Malwarebytes' Anti-Malware
Java(TM) 6 Update 16
Java(TM) 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 9.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

WinPatrol winpatrol.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
BillP Studios WinPatrol winpatrol.exe
Zone Labs ZoneAlarm zlclient.exe
``````````End of Log````````````
Mossydog
Regular Member
Posts: 32
Joined: January 12th, 2005, 12:42 pm
Location: Seattle

Re: slow computer, credit card# stolen, FB ID taken.

Unread postby Mossydog » March 11th, 2011, 5:11 pm

Here is the first of the DDS logs.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by The Moss Family at 8:48:03.57 on Fri 03/11/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3033.2270 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\xpv10_6147v005\wdm\stacsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\OEM13Mon.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\The Moss Family\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://msn.com/
uSearch Page = hxxp://www.live.com
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {9FB232C5-6909-4F81-99B4-BAB4998940F2}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Agatha%20Christie%20Mystery%20Pack/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Agatha%20Christie%20Mystery%20Pack/Images/armhelper.ocx
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-4-28 532224]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-2-15 26872]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-2-15 488952]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-11-26 112512]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [2009-11-26 51616]
R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [2009-11-26 41760]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2009-11-26 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2009-11-26 235840]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-9 136176]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\norton internet security\engine\16.0.0.125\ccsvchst.exe" /s "norton internet security" /m "c:\program files\norton internet security\engine\16.0.0.125\dimaster.dll" /prefetch:1 --> c:\program files\norton internet security\engine\16.0.0.125\ccSvcHst.exe [?]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-3-2 517448]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090926.002\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090926.002\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090926.002\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090926.002\NAVEX15.SYS [?]
S3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [2009-11-26 141376]
.
=============== Created Last 30 ================
.
2011-03-04 19:56:13 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-03-04 19:56:13 -------- d-----w- c:\docume~1\themos~1\locals~1\applic~1\ZoneAlarm_Security
2011-02-11 22:58:50 -------- d-----w- c:\program files\GPSBabel
2011-02-11 21:48:21 -------- d-----w- c:\program files\Bushnell
.
==================== Find3M ====================
.
2011-02-19 01:28:28 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:14:45 1864064 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59:19 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59:19 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:26 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 8:49:16.23 ===============
Mossydog
Regular Member
Posts: 32
Joined: January 12th, 2005, 12:42 pm
Location: Seattle

Re: slow computer, credit card# stolen, FB ID taken.

Unread postby Mossydog » March 11th, 2011, 5:18 pm

Here is the last DDS file. The program said that I should zip the file and attach it to the post, so here goes.
Again, thanks for taking the time to look at these files. Mossydog

Attach.zip
Mossydog
Regular Member
Posts: 32
Joined: January 12th, 2005, 12:42 pm
Location: Seattle

Re: slow computer, credit card# stolen, FB ID taken.

Unread postby Dakeyras » March 11th, 2011, 5:34 pm

Hi. :)
Mossydog wrote: Here is the last DDS file. The program said that I should zip the file and attach it to the post, so here goes.
Again, thanks for taking the time to look at these files. Mossydog
You're welcome! Aye, DDS does state that, but I did actually ask for the log to be posted... Reason being, this forum is predominantly a training establishment, and it is advantageous for all to be able to review all logs. No harm done; however, I will further add it below and will reply back in due course. :thumbup:

--------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/4/2009 11:31:38 AM
System Uptime: 3/11/2011 7:46:01 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0C145T
Processor: Intel(R) Core(TM)2 Duo CPU P7570 @ 2.26GHz | U2E1 | 2261/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 298 GiB total, 236.293 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP276: 12/9/2010 10:57:17 AM - Removed AVG 2011
RP277: 12/16/2010 9:24:01 AM - System Checkpoint
RP278: 12/17/2010 5:16:09 PM - System Checkpoint
RP279: 12/19/2010 12:56:40 PM - System Checkpoint
RP280: 12/20/2010 12:06:29 AM - Software Distribution Service 3.0
RP281: 12/21/2010 2:26:19 PM - System Checkpoint
RP282: 12/22/2010 4:16:55 PM - Software Distribution Service 3.0
RP283: 12/23/2010 4:33:17 PM - System Checkpoint
RP284: 12/24/2010 5:15:36 PM - System Checkpoint
RP285: 12/26/2010 12:39:28 PM - System Checkpoint
RP286: 12/27/2010 6:51:10 PM - System Checkpoint
RP287: 12/28/2010 9:53:02 PM - System Checkpoint
RP288: 12/30/2010 11:41:05 AM - System Checkpoint
RP289: 1/3/2011 8:17:01 PM - System Checkpoint
RP290: 1/5/2011 9:57:43 AM - System Checkpoint
RP291: 1/6/2011 2:15:55 PM - System Checkpoint
RP292: 1/7/2011 5:42:53 PM - System Checkpoint
RP293: 1/9/2011 12:04:20 AM - System Checkpoint
RP294: 1/10/2011 3:33:59 PM - System Checkpoint
RP295: 1/11/2011 4:07:51 PM - System Checkpoint
RP296: 1/12/2011 12:12:05 AM - Software Distribution Service 3.0
RP297: 1/13/2011 10:59:39 AM - System Checkpoint
RP298: 1/15/2011 11:59:52 AM - System Checkpoint
RP299: 1/16/2011 1:02:18 PM - System Checkpoint
RP300: 1/17/2011 3:57:57 PM - System Checkpoint
RP301: 1/18/2011 8:23:46 PM - System Checkpoint
RP302: 1/19/2011 6:07:53 PM - Installed Magellan Communicator
RP303: 1/21/2011 12:17:55 PM - System Checkpoint
RP304: 1/22/2011 1:21:37 PM - System Checkpoint
RP305: 1/23/2011 8:40:00 PM - System Checkpoint
RP306: 1/24/2011 8:47:40 PM - System Checkpoint
RP307: 1/26/2011 2:36:35 PM - System Checkpoint
RP308: 1/27/2011 6:26:41 PM - System Checkpoint
RP309: 1/28/2011 7:44:53 PM - System Checkpoint
RP310: 1/30/2011 8:35:23 PM - System Checkpoint
RP311: 1/30/2011 10:14:55 PM - Installed ArcGIS Explorer
RP312: 2/1/2011 1:53:25 PM - System Checkpoint
RP313: 2/2/2011 7:31:23 PM - System Checkpoint
RP314: 2/4/2011 10:53:44 AM - System Checkpoint
RP315: 2/5/2011 6:45:31 PM - System Checkpoint
RP316: 2/7/2011 1:39:51 PM - System Checkpoint
RP317: 2/8/2011 7:31:24 PM - System Checkpoint
RP318: 2/10/2011 3:30:58 PM - System Checkpoint
RP319: 2/11/2011 1:48:20 PM - Installed Bushnell GPS PC Companion V2.2
RP320: 2/11/2011 2:40:44 PM - Removed ArcGIS Explorer
RP321: 2/11/2011 11:40:23 PM - Software Distribution Service 3.0
RP322: 2/14/2011 5:13:08 PM - Software Distribution Service 3.0
RP323: 2/15/2011 5:28:33 PM - System Checkpoint
RP324: 2/17/2011 10:49:30 AM - System Checkpoint
RP325: 2/18/2011 4:42:25 PM - System Checkpoint
RP326: 2/19/2011 10:22:40 AM - Configured Magellan Communicator
RP327: 2/20/2011 11:01:53 PM - System Checkpoint
RP328: 2/22/2011 9:48:47 AM - System Checkpoint
RP329: 2/24/2011 11:49:19 AM - System Checkpoint
RP330: 2/24/2011 11:19:57 PM - Software Distribution Service 3.0
RP331: 2/26/2011 8:54:50 AM - System Checkpoint
RP332: 2/27/2011 5:59:43 PM - System Checkpoint
RP333: 3/1/2011 7:57:26 AM - System Checkpoint
RP334: 3/2/2011 2:43:52 PM - System Checkpoint
RP335: 3/3/2011 5:27:52 PM - System Checkpoint
RP336: 3/5/2011 9:51:23 AM - System Checkpoint
RP337: 3/7/2011 10:57:08 AM - System Checkpoint
RP338: 3/9/2011 9:11:49 AM - Software Distribution Service 3.0
RP339: 3/9/2011 3:03:00 PM - Removed Opera 10.63.
RP340: 3/10/2011 7:33:25 PM - System Checkpoint
.
==== Installed Programs ======================
.
50 FREE MP3s +1 Free Audiobook!
Acrobat.com
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.4 Professional
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Center 2.1
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Elements 5.0
Adobe Reader 9.2
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Audio FX Engine
Advanced Video FX Engine
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
Big Fish Games: Game Manager
Bonjour
Bushnell GPS PC Companion V2.2
Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
Dell Backup and Recovery Manager
Dell Driver Download Manager
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Epic Escapes: Dark Seas Survey
Escape Rosecliff Island
Google Earth Plug-in
Google Update Helper
GPSBabel 1.4.2
Hidden Expedition: Amazon ™
Hidden Expedition: Titanic ™
Hidden Mysteries: Vampire Secrets
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB953955)
Hotfix for Windows XP (KB954434)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB958347)
Hotfix for Windows XP (KB959252)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB968764)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IDT Audio
IKEA Home Planner
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java(TM) 6 Update 16
Java(TM) 6 Update 18
Junk Mail filter update
Laptop Integrated Webcam Driver (1.01.01.0529)
LeapFrog Connect
LeapFrog My Pals Plugin
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Magellan Communicator
Malwarebytes' Anti-Malware
MathPlayer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Midnight Mysteries: Salem Witch Trials
MSN
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB927977)
Mystery Case Files®: 13th Skull™
Mystery Case Files®: Dire Grove™
Nightfall Mysteries: Asylum Conspiracy
Nightfall Mysteries: Curse of the Opera
Nightmare Adventures: The Witch's Prison
OGA Notifier 2.0.0048.0
OpenAL
OpenOffice.org 3.2
Opera 11.01
OVT Scanner X86
PDF Settings
PowerDVD DX
QuickTime
Redemption Cemetery: Curse of the Raven
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shutter Island
Sinking Island
Skype Toolbars
Skype™ 5.1
Spybot - Search & Destroy
SpywareBlaster 4.4
Strange Cases - The Lighthouse Mystery
SUPERAntiSpyware
The Fall Trilogy: Chapter 1
Uninstall OVT Scanner
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
WebFldrs XP
WIDCOMM Bluetooth Software
Winamp
Winamp Detector Plug-in
Winamp Toolbar
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
WinPatrol 2009
XML Paper Specification Shared Components Pack 1.0
ZoneAlarm
ZoneAlarm Toolbar
.
==== Event Viewer Messages From Past Week ========
.
3/9/2011 12:36:46 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/8/2011 9:06:37 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/8/2011 9:06:22 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor V5 service terminated unexpectedly. It has done this 1 time(s).
3/8/2011 9:05:15 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/8/2011 11:05:44 AM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer DANA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{DACB8DD8-E1AC-46ED-9. The master browser is stopping or an election is being forced.
3/7/2011 9:56:24 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP SRTSPX
3/7/2011 9:56:05 AM, error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
3/7/2011 12:31:15 AM, error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
3/6/2011 1:10:57 AM, error: PSched [14103] - QoS [Adapter {759DDB94-87F9-4CFC-A9E8-BF55F05ADE94}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.
3/5/2011 9:06:42 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
3/5/2011 9:00:09 PM, error: O2SDGRDR [9] -
3/10/2011 9:23:49 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.2. The machine with the IP address 192.168.1.5 did not allow the name to be claimed by this machine.
.
==== End Of File ===========================
Dakeyras
MRU Honors Graduate
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: slow computer, credit card# stolen, FB ID taken.

Unread postby Dakeyras » March 11th, 2011, 6:00 pm

Hi. :)

CKScanner:

  • Please download CKScanner from here to your Desktop. Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Next:

  1. Please download this tool from Microsoft.
  2. Double click on MGADiag.exe to run it.
  3. Click Continue.
  4. The program will run. It takes a while to finish the diagnosis, please be patient.
  5. Once done, click on Copy.
  6. Open Notepad and paste the contents in. Save this file and post it in your next reply.

Re: slow computer, credit card# stolen, FB ID taken.

Unread postby Mossydog » March 11th, 2011, 7:28 pm

Hi Dakeyras, sorry for the confusion.
Any hoo, here are the latest log files that you requested.

Thanks, Mossydog

The first is the CKScanner log...

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\epic escapes - dark seas survey\game\data\tilemaps\room10_nutcracker_tile.lyr
c:\program files\nightfall mysteries - asylum conspiracy\swfs\windows\wallcrack.swf
c:\program files\redemption cemetery - curse of the raven\data\sound\28_testament_mg\put_nutcrackers.ogg
scanner sequence 3.AB.11
----- EOF -----

Here is the Window Validation Data log...

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-T6DFB-Y934T-YD4YT
Windows Product Key Hash: 3g4CZGFEDgbKmn/oB4pa2FZsssU=
Windows Product ID: 76487-OEM-2211906-00102
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {A19DDF80-BD56-4A63-9D63-34CEA7574CAF}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Home and Student 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Opera\Opera.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{A19DDF80-BD56-4A63-9D63-34CEA7574CAF}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-YD4YT</PKey><PID>76487-OEM-2211906-00102</PID><PIDType>2</PIDType><SID>S-1-5-21-3021976849-214424443-1725202562</SID><SYSTEM><Manufacturer>Dell Inc.</Manufacturer><Model>Vostro 1520</Model></SYSTEM><BIOS><Manufacturer>Dell Inc.</Manufacturer><Version>A04</Version><SMBIOSVersion major="2" minor="5"/><Date>20090910000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>C08B3CAF0184ED79</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Pacific Standard Time(GMT-08:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Dell Vostro 1520</name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{91120000-002F-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Home and Student 2007</Name><Ver>12</Ver><Val>18A280A9F689F3C</Val><Hash>rE2Bvs9RdvT/fXEbqXSXRpjfck0=</Hash><Pid>81602-926-8371063-68973</Pid><PidType>1</PidType></Product></Products><Applications><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 7EC9:Dell Inc|7EC9:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A
Mossydog
Regular Member
 
Posts: 32
Joined: January 12th, 2005, 12:42 pm
Location: Seattle

Re: slow computer, credit card# stolen, FB ID taken.

Unread postby Dakeyras » March 12th, 2011, 9:14 am

Hi. :)

Mossydog wrote:
Hi Dakeyras, sorry for the confusion.
Any hoo, here are the latest log files that you requested.

Thanks, Mossydog

No problem and you're most welcome!

Next:

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 9.2 <-- Out of date Adobe installations can be exploited; we will update this in due course.
Java(TM) 6 Update 16 <-- Out of date Java installations can be exploited; we will update this in due course.
Java(TM) 6 Update 18
SUPERAntiSpyware <-- This will hinder the overall Malware Removal process; you may reinstall when I give the all clear if you so wish...But keep it as an on-demand scanner only.
ZoneAlarm Toolbar <-- This has undesirable characteristics. Do however keep the actual Software Firewall installed.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Reset SP3 Firewall:

Click on Start >> Run... and cut/paste in the following and click on OK
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK

Now click on the General tab >> select Off (not recommended) >> OK.

Note: No need for it to be active after the reset because you have the ZoneAlarm Software Firewall installed/active.

Next:

Bear with me please as I wish to have another look at your machine with a different scanning application; merely view this as me ensuring your online safety etc.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Double-click on OTL.exe to start OTL.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimised
  • Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.

Re: slow computer, credit card# stolen, FB ID taken.

Unread postby Mossydog » March 13th, 2011, 2:52 am

Hi Dakeyras,
The computer seems to be running well. I have been reading the news on a couple different websites, watched some new videos and even played a couple of games while using both IE8 and Opera and so far no freezing up. Any suggestions on what else I could be doing to keep my computer safe?

Below is the first of the two log files that you requested.

Again, thank you so much for taking the time to help me. Mossydog

OTL log...

OTL logfile created on: 3/12/2011 4:11:54 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\The Moss Family\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 235.96 Gb Free Space | 79.17% Space Free | Partition Type: NTFS

Computer Name: D3FFQ3L1 | User Name: The Moss Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\The Moss Family\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - c:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
PRC - C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\The Moss Family\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll (BillP Studios)


========== Win32 Services (SafeList) ==========

SRV - (Norton Internet Security) -- File not found
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (STacSV) -- c:\Program Files\IDT\XPV10_6147v005\WDM\stacsv.exe (IDT, Inc.)
SRV - (O2FLASH) -- C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()


========== Driver Services (SafeList) ==========

DRV - (SASKUTIL) -- File not found
DRV - (SASDIFSV) -- File not found
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (OEM13Vid) -- C:\WINDOWS\system32\drivers\OEM13Vid.sys (Creative Technology Ltd.)
DRV - (OEM13Vfx) -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM13Afx) -- C:\WINDOWS\system32\drivers\OEM13Afx.sys (Creative Technology Ltd.)
DRV - (O2MDGRDR) -- C:\WINDOWS\system32\drivers\o2mdg.sys (O2Micro )
DRV - (O2SDGRDR) -- C:\WINDOWS\system32\drivers\o2sdg.sys (O2Micro )
DRV - (NETw5x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (APL531) -- C:\WINDOWS\system32\drivers\ov550i.sys (Omnivision Technologies, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USSMB/1
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3021976849-214424443-1725202562-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKU\S-1-5-21-3021976849-214424443-1725202562-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.live.com
IE - HKU\S-1-5-21-3021976849-214424443-1725202562-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKU\S-1-5-21-3021976849-214424443-1725202562-1005\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-3021976849-214424443-1725202562-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3021976849-214424443-1725202562-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/03/02 17:13:22 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/27 20:28:14 | 000,414,794 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 http://www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 http://www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 http://www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 http://www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 http://www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 http://www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100888290cs.com
O1 - Hosts: 127.0.0.1 http://www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 http://www.10sek.com
O1 - Hosts: 127.0.0.1 http://www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14325 more lines...
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-3021976849-214424443-1725202562-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3021976849-214424443-1725202562-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3021976849-214424443-1725202562-1005\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3021976849-214424443-1725202562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Agatha%20Christie%20Mystery%20Pack/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Agatha%20Christie%20Mystery%20Pack/Images/armhelper.ocx (ArmHelper Control)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\The Moss Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\The Moss Family\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 13:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{cbc4e084-df8a-11df-935e-0ceee6f165b3}\Shell\AutoRun\command - "" = E:\WD_Windows_Tools\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/12 10:41:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\The Moss Family\Desktop\OTL.exe
[2011/03/12 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/03/11 18:25:10 | 012,236,144 | ---- | C] (Opera Software) -- C:\WINDOWS\opera.dll
[2011/03/11 15:11:08 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\The Moss Family\Desktop\MGADiag.exe
[2011/03/10 08:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Moss Family\My Documents\My Received Files
[2011/03/08 21:53:09 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\The Moss Family\Desktop\HijackThis.exe
[2011/03/05 14:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ZoneAlarm_Security
[2011/03/04 11:55:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm
[2011/02/23 17:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Moss Family\My Documents\Kathy Memorial at Marys house
[2011/02/17 09:44:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/11 14:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GPSBabel
[2011/02/11 14:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\GPSBabel
[2011/02/11 14:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Moss Family\Desktop\Bushnell GPS Stuff
[2011/02/11 13:48:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bushnell GPS PC Companion
[2011/02/11 13:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\The Moss Family\My Documents\GPS PC Companion
[2011/02/11 13:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Bushnell
[2007/10/15 09:35:00 | 000,040,960 | ---- | C] ( ) -- C:\WINDOWS\OMNIUNS.EXE
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/12 16:14:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/12 16:14:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/12 10:41:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\The Moss Family\Desktop\OTL.exe
[2011/03/12 10:07:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/12 10:06:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/12 10:06:48 | 3180,281,856 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/12 08:04:01 | 108,462,430 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/11 18:22:59 | 012,236,144 | ---- | M] (Opera Software) -- C:\WINDOWS\opera.dll
[2011/03/11 17:53:01 | 108,431,978 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.old
[2011/03/11 15:11:08 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\The Moss Family\Desktop\MGADiag.exe
[2011/03/11 15:10:37 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\The Moss Family\Desktop\CKScanner.exe
[2011/03/11 09:15:11 | 000,006,044 | ---- | M] () -- C:\Documents and Settings\The Moss Family\Desktop\Attach.zip
[2011/03/10 20:17:16 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\The Moss Family\Desktop\dds.scr
[2011/03/10 20:16:44 | 000,879,069 | ---- | M] () -- C:\Documents and Settings\The Moss Family\Desktop\SecurityCheck.exe
[2011/03/09 15:03:24 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\The Moss Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/03/09 15:03:24 | 000,001,494 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/03/09 09:12:06 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/08 21:53:09 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\The Moss Family\Desktop\HijackThis.exe
[2011/03/05 14:17:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/04 11:56:35 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/03/04 11:55:37 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/03/04 11:55:36 | 000,000,733 | ---- | M] () -- C:\Documents and Settings\The Moss Family\Desktop\ZoneAlarm Security.lnk
[2011/03/03 18:49:25 | 000,108,755 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/03/03 13:09:03 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\The Moss Family\Local Settings\Application Data\housecall.guid.cache
[2011/03/02 17:15:15 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/03/01 19:13:50 | 001,147,563 | ---- | M] () -- C:\Documents and Settings\The Moss Family\My Documents\2010 tax return organizer-all pages.pdf
[2011/03/01 19:04:24 | 000,421,314 | ---- | M] () -- C:\Documents and Settings\The Moss Family\My Documents\2010 tax return organizer-2.pdf
[2011/03/01 18:56:10 | 000,775,728 | ---- | M] () -- C:\Documents and Settings\The Moss Family\My Documents\2010 tax return organizer.pdf
[2011/03/01 16:22:16 | 002,343,279 | ---- | M] () -- C:\Documents and Settings\The Moss Family\My Documents\2010 Tax Return papers.pdf
[2011/03/01 16:11:32 | 000,048,716 | ---- | M] () -- C:\Documents and Settings\The Moss Family\My Documents\2010 Tax Return papers-1.pdf
[2011/02/21 20:27:22 | 000,021,136 | ---- | M] () -- C:\Documents and Settings\The Moss Family\My Documents\puzzlechair.pdf
[2011/02/21 16:54:17 | 000,100,217 | ---- | M] () -- C:\Documents and Settings\The Moss Family\My Documents\kids table and chairs.pdf
[2011/02/21 10:51:39 | 000,052,135 | ---- | M] () -- C:\Documents and Settings\The Moss Family\My Documents\toysrus step2 playhouse receipt.pdf
[2011/02/18 17:28:28 | 001,238,528 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2011/02/18 17:28:24 | 000,110,080 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2011/02/18 17:28:24 | 000,104,448 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2011/02/18 17:28:24 | 000,069,120 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2011/02/18 17:28:24 | 000,043,008 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2011/02/18 17:28:22 | 000,715,264 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2011/02/18 17:28:22 | 000,302,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2011/02/18 17:28:22 | 000,228,864 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2011/02/18 17:28:22 | 000,112,128 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2011/02/18 17:28:22 | 000,108,032 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2011/02/18 17:28:22 | 000,058,368 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2011/02/16 17:39:14 | 012,419,749 | ---- | M] () -- C:\Documents and Settings\The Moss Family\My Documents\Reducing Forest Fire Risk.pdf
[2011/02/12 22:21:36 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\The Moss Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/12 09:31:05 | 001,484,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/11 14:58:53 | 000,000,642 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GPSBabel.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/11 15:10:37 | 000,453,632 | ---- | C] () -- C:\Documents and Settings\The Moss Family\Desktop\CKScanner.exe
[2011/03/11 09:15:11 | 000,006,044 | ---- | C] () -- C:\Documents and Settings\The Moss Family\Desktop\Attach.zip
[2011/03/10 20:16:43 | 000,879,069 | ---- | C] () -- C:\Documents and Settings\The Moss Family\Desktop\SecurityCheck.exe
[2011/03/09 20:57:26 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\The Moss Family\Desktop\dds.scr
[2011/03/09 15:03:24 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\The Moss Family\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/03/09 15:03:24 | 000,001,500 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/03/09 15:03:24 | 000,001,494 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/03/04 11:55:36 | 000,000,733 | ---- | C] () -- C:\Documents and Settings\The Moss Family\Desktop\ZoneAlarm Security.lnk
[2011/03/03 13:09:03 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\The Moss Family\Local Settings\Application Data\housecall.guid.cache
[2011/03/02 17:15:15 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/03/01 19:13:50 | 001,147,563 | ---- | C] () -- C:\Documents and Settings\The Moss Family\My Documents\2010 tax return organizer-all pages.pdf
[2011/03/01 19:04:24 | 000,421,314 | ---- | C] () -- C:\Documents and Settings\The Moss Family\My Documents\2010 tax return organizer-2.pdf
[2011/03/01 18:56:09 | 000,775,728 | ---- | C] () -- C:\Documents and Settings\The Moss Family\My Documents\2010 tax return organizer.pdf
[2011/03/01 16:10:58 | 000,048,716 | ---- | C] () -- C:\Documents and Settings\The Moss Family\My Documents\2010 Tax Return papers-1.pdf
[2011/03/01 12:58:32 | 002,343,279 | ---- | C] () -- C:\Documents and Settings\The Moss Family\My Documents\2010 Tax Return papers.pdf
[2011/02/21 20:27:22 | 000,021,136 | ---- | C] () -- C:\Documents and Settings\The Moss Family\My Documents\puzzlechair.pdf
[2011/02/21 16:54:17 | 000,100,217 | ---- | C] () -- C:\Documents and Settings\The Moss Family\My Documents\kids table and chairs.pdf
[2011/02/21 10:51:39 | 000,052,135 | ---- | C] () -- C:\Documents and Settings\The Moss Family\My Documents\toysrus step2 playhouse receipt.pdf
[2011/02/16 17:39:14 | 012,419,749 | ---- | C] () -- C:\Documents and Settings\The Moss Family\My Documents\Reducing Forest Fire Risk.pdf
[2011/02/11 14:58:53 | 000,000,642 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GPSBabel.lnk
[2010/08/21 12:24:48 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/04/28 16:41:16 | 000,000,598 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/28 15:43:13 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/04/28 07:26:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/13 09:34:38 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\The Moss Family\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/27 14:10:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/12/06 20:36:45 | 000,000,251 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/11/26 22:49:25 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2009/11/26 22:49:10 | 002,026,604 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/11/26 22:49:10 | 000,442,964 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/11/26 22:49:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5016.dll
[2009/11/26 22:44:23 | 000,001,153 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/11/26 21:14:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/11/26 21:05:43 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/05/26 19:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 19:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 13:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 13:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 13:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 08:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 08:16:22 | 000,464,078 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 08:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 08:16:22 | 000,079,188 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 08:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 08:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 08:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 08:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 08:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 08:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 08:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 08:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 01:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 01:21:52 | 001,484,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/09/27 08:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 08:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 08:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/05/17 12:52:30 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/05/17 12:23:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/12/27 16:34:00 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\softcoin.dll
[2006/12/27 16:34:00 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\gencoin.dll
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A819A132
@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E9A3410
@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48977386
@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B54E4B5A
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED51D3ED
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6C6EB3B
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BAC4211
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C76CFF82
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94B46CA2
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98982C88
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71612023
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB97DB91
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A866F8A3
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5912EAD
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:249A49F7

< End of report >
Mossydog

Re: slow computer, credit card# stolen, FB ID taken.

Post by Mossydog » March 13th, 2011, 2:56 am

Here is the second log.

OTL Extras logfile created on: 3/12/2011 4:11:54 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\The Moss Family\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.05 Gb Total Space | 235.96 Gb Free Space | 79.17% Space Free | Partition Type: NTFS

Computer Name: D3FFQ3L1 | User Name: The Moss Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-3021976849-214424443-1725202562-1005\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04E7A3BB-DB38-481C-A809-35FA60C78EDF}" = AVG 2011
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0FD5FD0B-4BA6-47A1-99C3-F8A964C3CCA5}" = Magellan Communicator
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.2
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1EE255A5-64CE-4C14-A3BE-B38EF70C57C2}" = Bushnell GPS PC Companion V2.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B566EFE-DC1D-471F-93DD-84832663F140}" = OVT Scanner X86
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D59AC32-B0FA-4CD7-A2EC-4B57C06CD9D9}" = Dell Backup and Recovery Manager
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi Software
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB77DC4C-B818-4FD4-8D1D-5D3B617B78B4}" = LeapFrog My Pals Plugin
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E35AF511-B618-4D02-B559-0F2147341D3B}" = AVG 2011
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.4 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"AVG" = AVG 2011
"BFGC" = Big Fish Games: Game Manager
"BFG-Dark Tales - Edgar Allan Poe`s Murders in the Rue Morgue" = Dark Tales: Edgar Allan Poe`s Murders in the Rue Morgue
"BFG-Epic Escapes - Dark Seas Survey" = Epic Escapes: Dark Seas Survey
"BFG-Escape Rosecliff Island" = Escape Rosecliff Island
"BFG-Hidden Expedition - Amazon" = Hidden Expedition: Amazon ™
"BFG-Hidden Expedition - Titanic" = Hidden Expedition: Titanic ™
"BFG-Hidden Mysteries - Vampire Secrets" = Hidden Mysteries: Vampire Secrets
"BFG-Midnight Mysteries - Salem Witch Trials" = Midnight Mysteries: Salem Witch Trials
"BFG-Mystery Case Files - 13th Skull" = Mystery Case Files &reg;: 13th Skull ™
"BFG-Mystery Case Files - Dire Grove" = Mystery Case Files&reg;: Dire Grove™
"BFG-Nightfall Mysteries - Asylum Conspiracy" = Nightfall Mysteries: Asylum Conspiracy
"BFG-Nightfall Mysteries - Curse of the Opera" = Nightfall Mysteries: Curse of the Opera
"BFG-Nightmare Adventures - The Witch's Prison" = Nightmare Adventures: The Witch's Prison
"BFG-Redemption Cemetery - Curse of the Raven" = Redemption Cemetery: Curse of the Raven
"BFG-Shutter Island" = Shutter Island
"BFG-Sinking Island" = Sinking Island
"BFG-Strange Cases - The Lighthouse Mystery" = Strange Cases - The Lighthouse Mystery
"BFG-The Fall Trilogy - Chapter 1" = The Fall Trilogy: Chapter 1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{0FD5FD0B-4BA6-47A1-99C3-F8A964C3CCA5}" = Magellan Communicator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MyPalsPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)
"OpenAL" = OpenAL
"Opera 11.01.1190" = Opera 11.01
"OVT Scanner" = Uninstall OVT Scanner
"ProInst" = Intel PROSet Wireless
"SpywareBlaster_is1" = SpywareBlaster 4.4
"UPCShell" = LeapFrog Connect
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2009
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3021976849-214424443-1725202562-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2011 6:03:28 PM | Computer Name = D3FFQ3L1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21938

Error - 3/10/2011 6:03:30 PM | Computer Name = D3FFQ3L1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/10/2011 6:03:30 PM | Computer Name = D3FFQ3L1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 23891

Error - 3/10/2011 6:03:30 PM | Computer Name = D3FFQ3L1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 23891

Error - 3/11/2011 6:58:55 PM | Computer Name = D3FFQ3L1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/11/2011 6:58:55 PM | Computer Name = D3FFQ3L1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2125

Error - 3/11/2011 6:58:55 PM | Computer Name = D3FFQ3L1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2125

Error - 3/12/2011 5:09:14 PM | Computer Name = D3FFQ3L1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/12/2011 5:09:14 PM | Computer Name = D3FFQ3L1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14438

Error - 3/12/2011 5:09:14 PM | Computer Name = D3FFQ3L1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14438

[ System Events ]
Error - 3/12/2011 12:22:54 PM | Computer Name = D3FFQ3L1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avgwd service.

Error - 3/12/2011 12:30:14 PM | Computer Name = D3FFQ3L1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DANA-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{DACB8DD8-E1AC-46ED-9. The master browser is stopping or an election
is being forced.

Error - 3/12/2011 1:31:20 PM | Computer Name = D3FFQ3L1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DANA-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{DACB8DD8-E1AC-46ED-9. The master browser is stopping or an election
is being forced.

Error - 3/12/2011 2:07:13 PM | Computer Name = D3FFQ3L1 | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 3/12/2011 2:07:40 PM | Computer Name = D3FFQ3L1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SRTSP SRTSPX

Error - 3/12/2011 2:07:58 PM | Computer Name = D3FFQ3L1 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/12/2011 2:07:59 PM | Computer Name = D3FFQ3L1 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/12/2011 2:07:59 PM | Computer Name = D3FFQ3L1 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/12/2011 2:32:26 PM | Computer Name = D3FFQ3L1 | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
DANA-PC that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{DACB8DD8-E1AC-46ED-9. The master browser is stopping or an election
is being forced.

Error - 3/12/2011 6:55:47 PM | Computer Name = D3FFQ3L1 | Source = PSched | ID = 14103
Description = QoS [Adapter {759DDB94-87F9-4CFC-A9E8-BF55F05ADE94}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.


< End of report >
Mossydog
Regular Member
 
Posts: 32
Joined: January 12th, 2005, 12:42 pm
Location: Seattle

Re: slow computer, credit card# stolen, FB ID taken.

Unread postby Dakeyras » March 13th, 2011, 12:02 pm

Hi. :)

Mossydog wrote:
The computer seems to be running well. I have been reading the news on a couple different websites, watched some new videos and even played a couple of games while using both IE8 and Opera and so far no freezing up. Any suggestions on what else I could be doing to keep my computer safe.

Good.

Mossydog wrote:
Again, thank you so much for taking the time to help me. Mossydog

You're welcome!

Please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Spybot - Search & Destroy <-- With hindsight, this will actually hinder the overall Malware Removal process; you may reinstall it when I give the all clear if you so wish.

To do so, click once on each of the above in turn to highlight and then click on the Remove button.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double-click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Next:

Temporarily disable WinPatrol (so it will not hinder the OTL Custom Script below; it will automatically start again after the system reboot):

  • Right click on the WinPatrol system tray icon.
  • Select Exit Program.

Custom OTL Script:

  • Double-click OTL.exe to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:OTL
SRV - (Norton Internet Security) -- File not found
DRV - (SASKUTIL) -- File not found
DRV - (SASDIFSV) -- File not found
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3021976849-214424443-1725202562-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-3021976849-214424443-1725202562-1005\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
[2011/03/12 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A819A132
@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9E9A3410
@Alternate Data Stream - 234 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48977386
@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE
@Alternate Data Stream - 230 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B54E4B5A
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED51D3ED
@Alternate Data Stream - 226 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6C6EB3B
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BAC4211
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C76CFF82
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:94B46CA2
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98982C88
@Alternate Data Stream - 216 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:71612023
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB97DB91
@Alternate Data Stream - 196 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A866F8A3
@Alternate Data Stream - 150 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5912EAD
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:249A49F7

:Files 
ipconfig /flushdns /c 
%systemroot%\prefetch\*.* 

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- the file name denotes the date/time the log was created.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform a Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately; failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8804
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
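
The OTL custom script above removes a specific set of items: IE URLSearchHooks, a Browser Helper Object, toolbars, an empty Run entry, the alternate data streams attached to the shared TEMP file, the hosts file, and the Security Center "DisableMonitoring" override for the ZoneAlarm firewall. Before a helper decides what to remove, it is useful to be able to see exactly what is registered in those same places. The script below is an added, read-only audit written for this thread; it is not part of OTL and not something Dakeyras posted. It assumes Windows PowerShell 3.0 or later (needed for Get-Item -Stream) running from an elevated prompt, and it uses the Windows XP layout of the "All Users\Application Data\TEMP" path from the OTL script, falling back to %ProgramData%\TEMP on later Windows versions. It only reports; it deletes nothing.

```powershell
# Added audit script (not from the thread, not part of OTL): lists what is
# registered in the locations the OTL custom script cleans, without changing
# anything. Assumes PowerShell 3.0+ and an elevated prompt.

function Resolve-Clsid {
    # Map a CLSID to the DLL that would be loaded for it. A registration whose
    # DLL is missing is what OTL reports as "File not found".
    param([string]$Clsid)
    foreach ($root in @('HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID')) {
        $inproc = Join-Path $root "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $inproc) {
            $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)'
            if ($dll -and (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($dll)))) {
                return $dll
            }
            return "$dll  (file not found)"
        }
    }
    return '(no CLSID registration)'
}

Write-Output '== IE URLSearchHooks (HKLM and HKCU) =='
foreach ($hive in @('HKLM:', 'HKCU:')) {
    $key = "$hive\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks"
    if (Test-Path -LiteralPath $key) {
        # Value names are CLSIDs; skip the unnamed default value.
        (Get-Item -LiteralPath $key).GetValueNames() | Where-Object { $_ } | ForEach-Object {
            '{0}  {1}  -> {2}' -f $hive, $_, (Resolve-Clsid $_)
        }
    }
}

Write-Output '== Browser Helper Objects =='
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path -LiteralPath $bhoKey) {
    Get-ChildItem -LiteralPath $bhoKey | ForEach-Object {
        '{0}  -> {1}' -f $_.PSChildName, (Resolve-Clsid $_.PSChildName)
    }
}

Write-Output '== IE Toolbars =='
$tbKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
if (Test-Path -LiteralPath $tbKey) {
    (Get-Item -LiteralPath $tbKey).GetValueNames() | Where-Object { $_ -like '{*}' } | ForEach-Object {
        '{0}  -> {1}' -f $_, (Resolve-Clsid $_)
    }
}

Write-Output '== HKLM Run entries (empty names or empty commands are suspicious) =='
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-Item -LiteralPath $runKey
foreach ($name in $run.GetValueNames()) {
    $cmd = $run.GetValue($name)
    $flag = if (-not $name -or -not $cmd) { '  <-- empty' } else { '' }
    '[{0}] = {1}{2}' -f $name, $cmd, $flag
}

Write-Output '== Security Center monitoring overrides =='
$monKey = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
if (Test-Path -LiteralPath $monKey) {
    Get-ChildItem -LiteralPath $monKey | ForEach-Object {
        $v = (Get-ItemProperty -LiteralPath $_.PSPath).DisableMonitoring
        # A value of 1 hides that product from Security Center; 0 (what the OTL script sets) restores it.
        '{0}: DisableMonitoring = {1}' -f $_.PSChildName, $v
    }
}

Write-Output '== Alternate data streams on the shared TEMP file =='
$candidates = @(
    (Join-Path $env:ALLUSERSPROFILE 'Application Data\TEMP'),   # Windows XP layout, as in the OTL script
    (Join-Path $env:ProgramData 'TEMP')                           # Vista and later
)
foreach ($f in $candidates) {
    if ($f -and (Test-Path -LiteralPath $f -PathType Leaf)) {
        Get-Item -LiteralPath $f -Stream * | Where-Object { $_.Stream -ne ':$DATA' } | ForEach-Object {
            '{0}:{1}  {2} bytes' -f $_.FileName, $_.Stream, $_.Length
        }
    }
}

Write-Output '== hosts entries other than localhost =='
Get-Content -LiteralPath "$env:SystemRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '^\s*[^#\s]' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
```

Run it as "powershell -ExecutionPolicy Bypass -File audit.ps1" from an administrator prompt and compare the output against the OTL lines in the fix: a dangling CLSID (file not found), a Run value with no name or no command, a "DisableMonitoring = 1" entry, or streams attached to a TEMP file that should have none are the same conditions the custom script targets, and seeing them listed first makes the later OTL log ("deleted successfully" / "not found") easier to interpret.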

Re: slow computer, credit card# stolen, FB ID taken.

Unread postby Mossydog » March 14th, 2011, 4:16 pm

Hello again,
The computer is running smoothly now. Start up is quick, and no freezing up.
Just another thing that I thought of... We recently got a new FIOS connection with a wireless router; we have had it for a little over a month. After years of being on DSL and having relatively no computer problems, it sure is a coincidence that I suddenly had problems.
The following are the logs that you requested.
Thanks, Mossydog

OTL log...

All processes killed
========== OTL ==========
Service Norton Internet Security stopped successfully!
Service Norton Internet Security deleted successfully!
File File not found not found.
Error: No service named SASKUTIL was found to stop!
Service\Driver key SASKUTIL not found.
File File not found not found.
Error: No service named SASDIFSV was found to stop!
Service\Driver key SASDIFSV not found.
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}\ deleted successfully.
C:\Program Files\Winamp Toolbar\winamptb.dll moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ deleted successfully.
C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
HKU\S-1-5-21-3021976849-214424443-1725202562-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3021976849-214424443-1725202562-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
File C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll not found.
C:\WINDOWS\System32\appmgmt\S-1-5-21-3021976849-214424443-1725202562-1005 folder moved successfully.
C:\WINDOWS\System32\appmgmt\MACHINE folder moved successfully.
C:\WINDOWS\System32\appmgmt folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET7B.tmp deleted successfully.
C:\WINDOWS\System32\SET7D.tmp deleted successfully.
C:\WINDOWS\System32\SET81.tmp deleted successfully.
C:\WINDOWS\System32\SET89.tmp deleted successfully.
C:\WINDOWS\System32\SETC6.tmp deleted successfully.
C:\WINDOWS\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP\WiseCustomCall.dll deleted successfully.
C:\WINDOWS\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP\WiseCustomCalla.exe deleted successfully.
C:\WINDOWS\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP folder deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A819A132 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9E9A3410 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:48977386 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A02025CE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:B54E4B5A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:ED51D3ED deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E6C6EB3B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:9BAC4211 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C76CFF82 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:94B46CA2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:98982C88 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:71612023 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:090FB735 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:FB97DB91 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A866F8A3 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F5912EAD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:249A49F7 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\The Moss Family\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\The Moss Family\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\prefetch\ADOBE_UPDATER.EXE-36985884.pf moved successfully.
C:\WINDOWS\prefetch\AESTFLTR.EXE-24296A87.pf moved successfully.
C:\WINDOWS\prefetch\ALG.EXE-275708CF.pf moved successfully.
C:\WINDOWS\prefetch\APMSGFWD.EXE-202DCA6E.pf moved successfully.
C:\WINDOWS\prefetch\APNTEX.EXE-1F40D543.pf moved successfully.
C:\WINDOWS\prefetch\APOINT.EXE-28154A30.pf moved successfully.
C:\WINDOWS\prefetch\APPLEMOBILEDEVICESERVICE.EXE-0A278840.pf moved successfully.
C:\WINDOWS\prefetch\AVGCHSVX.EXE-295C373E.pf moved successfully.
C:\WINDOWS\prefetch\AVGCSRVX.EXE-0A36B979.pf moved successfully.
C:\WINDOWS\prefetch\AVGEMCX.EXE-0D1968E7.pf moved successfully.
C:\WINDOWS\prefetch\AVGIDSAGENT.EXE-06AAEFAE.pf moved successfully.
C:\WINDOWS\prefetch\AVGIDSMONITOR.EXE-355BD51F.pf moved successfully.
C:\WINDOWS\prefetch\AVGMFAPX.EXE-268B4A8E.pf moved successfully.
C:\WINDOWS\prefetch\AVGNSX.EXE-180CA415.pf moved successfully.
C:\WINDOWS\prefetch\AVGRSX.EXE-07784E58.pf moved successfully.
C:\WINDOWS\prefetch\AVGSCANX.EXE-2579EF3A.pf moved successfully.
C:\WINDOWS\prefetch\AVGSRMAX.EXE-0CCC9D9C.pf moved successfully.
C:\WINDOWS\prefetch\AVGTRAY.EXE-1C1D9393.pf moved successfully.
C:\WINDOWS\prefetch\AVGUI.EXE-061322EA.pf moved successfully.
C:\WINDOWS\prefetch\AVGWDSVC.EXE-27E272A1.pf moved successfully.
C:\WINDOWS\prefetch\CKSCANNER.EXE-3A696FD2.pf moved successfully.
C:\WINDOWS\prefetch\CLEAN_TOOL.EXE-070A5693.pf moved successfully.
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf moved successfully.
C:\WINDOWS\prefetch\COMMANDSERVICE.EXE-19EDC9BF.pf moved successfully.
C:\WINDOWS\prefetch\CONTROL.EXE-24FBF8B3.pf moved successfully.
C:\WINDOWS\prefetch\CTFMON.EXE-05E57A5E.pf moved successfully.
C:\WINDOWS\prefetch\DUMPREP.EXE-0AF2BF67.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT-SETUP.EXE-0E7CE14D.pf moved successfully.
C:\WINDOWS\prefetch\ERUNT.EXE-23218E37.pf moved successfully.
C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf moved successfully.
C:\WINDOWS\prefetch\FIND.EXE-0EEAD1A7.pf moved successfully.
C:\WINDOWS\prefetch\FIXCFG.EXE-252306B6.pf moved successfully.
C:\WINDOWS\prefetch\FORCEFIELD.EXE-1F16F900.pf moved successfully.
C:\WINDOWS\prefetch\FXSSVC.EXE-140862E7.pf moved successfully.
C:\WINDOWS\prefetch\GLB1A2B.EXE-10E8A2EA.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-024AD864.pf moved successfully.
C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-160E1F62.pf moved successfully.
C:\WINDOWS\prefetch\HIDFIND.EXE-1F342FC6.pf moved successfully.
C:\WINDOWS\prefetch\HKCMD.EXE-0F06AE14.pf moved successfully.
C:\WINDOWS\prefetch\IEXPLORE.EXE-2D97EBE6.pf moved successfully.
C:\WINDOWS\prefetch\IFRMEWRK.EXE-0BC4CEEA.pf moved successfully.
C:\WINDOWS\prefetch\IGFXPERS.EXE-19DA7B04.pf moved successfully.
C:\WINDOWS\prefetch\IGFXSRVC.EXE-1D88F978.pf moved successfully.
C:\WINDOWS\prefetch\IGFXTRAY.EXE-0A23D403.pf moved successfully.
C:\WINDOWS\prefetch\IMAPI.EXE-201490BB.pf moved successfully.
C:\WINDOWS\prefetch\IPCONFIG.EXE-05D7908C.pf moved successfully.
C:\WINDOWS\prefetch\IS-9O18N.TMP-05AB0F1E.pf moved successfully.
C:\WINDOWS\prefetch\ISWSVC.EXE-33304D84.pf moved successfully.
C:\WINDOWS\prefetch\ISWUPDE.EXE-04671704.pf moved successfully.
C:\WINDOWS\prefetch\JAVAW.EXE-109216D1.pf moved successfully.
C:\WINDOWS\prefetch\JAVAW.EXE-392A4E93.pf moved successfully.
C:\WINDOWS\prefetch\JQS.EXE-31B60334.pf moved successfully.
C:\WINDOWS\prefetch\Layout.ini moved successfully.
C:\WINDOWS\prefetch\LOGONUI.EXE-312BE1BF.pf moved successfully.
C:\WINDOWS\prefetch\MGADIAG.EXE-268D5FED.pf moved successfully.
C:\WINDOWS\prefetch\MSI14.TMP-10EA5E4E.pf moved successfully.
C:\WINDOWS\prefetch\MSI1B.TMP-1F13AB8D.pf moved successfully.
C:\WINDOWS\prefetch\MSIEXEC.EXE-330626DC.pf moved successfully.
C:\WINDOWS\prefetch\MSNMSGR.EXE-0EBDBC56.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-2DAE2DE6.pf moved successfully.
C:\WINDOWS\prefetch\NOTEPAD.EXE-2F2D61E1.pf moved successfully.
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
C:\WINDOWS\prefetch\O2FLASH.EXE-2209295F.pf moved successfully.
C:\WINDOWS\prefetch\OEM13MON.EXE-142C3F6E.pf moved successfully.
C:\WINDOWS\prefetch\OPERA.EXE-296F5322.pf moved successfully.
C:\WINDOWS\prefetch\OPERA.EXE-3B75DA17.pf moved successfully.
C:\WINDOWS\prefetch\OPERA_1101_EN_SETUP.EXE-060BF1DD.pf moved successfully.
C:\WINDOWS\prefetch\OTL.EXE-1A508659.pf moved successfully.
C:\WINDOWS\prefetch\PDVDDXSRV.EXE-15DB7A5B.pf moved successfully.
C:\WINDOWS\prefetch\PHOTOSHOPELEMENTSFILEAGENT.EX-11DA4292.pf moved successfully.
C:\WINDOWS\prefetch\REGSRVC.EXE-25523967.pf moved successfully.
C:\WINDOWS\prefetch\REGSVR32.EXE-396DEA2C.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-3C500167.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-421E3F36.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-5645E36A.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-5830CCA7.pf moved successfully.
C:\WINDOWS\prefetch\RUNDLL32.EXE-6704CAE6.pf moved successfully.
C:\WINDOWS\prefetch\SDFILES.EXE-010A4312.pf moved successfully.
C:\WINDOWS\prefetch\SEAPORT.EXE-22340720.pf moved successfully.
C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-1FEC9DD2.pf moved successfully.
C:\WINDOWS\prefetch\SEARCHINDEXER.EXE-00DB35DB.pf moved successfully.
C:\WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-1460F5CC.pf moved successfully.
C:\WINDOWS\prefetch\SNDVOL32.EXE-0EC6FD20.pf moved successfully.
C:\WINDOWS\prefetch\SPOOLSV.EXE-3A613CE3.pf moved successfully.
C:\WINDOWS\prefetch\SSUPDATE.EXE-31C62A02.pf moved successfully.
C:\WINDOWS\prefetch\STACSV.EXE-2F29E8C5.pf moved successfully.
C:\WINDOWS\prefetch\STTRAY.EXE-36494DC7.pf moved successfully.
C:\WINDOWS\prefetch\SUPERANTISPYWARE.EXE-28713C90.pf moved successfully.
C:\WINDOWS\prefetch\SVCHOST.EXE-2D5FBD18.pf moved successfully.
C:\WINDOWS\prefetch\TASKMGR.EXE-06144C13.pf moved successfully.
C:\WINDOWS\prefetch\UNINS000.EXE-38762295.pf moved successfully.
C:\WINDOWS\prefetch\UNINSTALL.EXE-032D7639.pf moved successfully.
C:\WINDOWS\prefetch\UNINSTALL.EXE-28BFC885.pf moved successfully.
C:\WINDOWS\prefetch\UNSECAPP.EXE-16EB9856.pf moved successfully.
C:\WINDOWS\prefetch\UNWISE.EXE-07A8D88B.pf moved successfully.
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf moved successfully.
C:\WINDOWS\prefetch\VERSIO~2.EXE-1B7ADF45.pf moved successfully.
C:\WINDOWS\prefetch\WINAMP.EXE-22223556.pf moved successfully.
C:\WINDOWS\prefetch\WINDOWSSEARCH.EXE-297AD9CA.pf moved successfully.
C:\WINDOWS\prefetch\WLKEEPER.EXE-3849528A.pf moved successfully.
C:\WINDOWS\prefetch\WMIADAP.EXE-32F99497.pf moved successfully.
C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf moved successfully.
C:\WINDOWS\prefetch\WSCNTFY.EXE-0B14C27D.pf moved successfully.
C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf moved successfully.
C:\WINDOWS\prefetch\ZCFGSVC.EXE-2C0DDF66.pf moved successfully.
C:\WINDOWS\prefetch\ZONEALARM_SECURITYTOOLBARHELP-0BED6BD3.pf moved successfully.
C:\WINDOWS\prefetch\_IU14D2N.TMP-204E8584.pf moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 321 bytes

User: All Users

User: Default User
->Flash cache emptied: 321 bytes

User: LocalService

User: NetworkService

User: The Moss Family
->Flash cache emptied: 297029 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 70726 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 2053080 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 1984440 bytes
->Temporary Internet Files folder emptied: 1130662 bytes

User: The Moss Family
->Temp folder emptied: 481811409 bytes
->Temporary Internet Files folder emptied: 357535436 bytes
->Java cache emptied: 37994107 bytes
->Opera cache emptied: 55013120 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28593239 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23937686 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 659046584 bytes

Total Files Cleaned = 1,573.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.22.3 log created on 03132011_182422

Files\Folders moved on Reboot...
C:\Documents and Settings\The Moss Family\Local Settings\Temp\~DF6476.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT05407.TMP not found!

Registry entries deleted on Reboot...


Malwarebytes log....

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Database version: 6046

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/13/2011 8:53:57 PM
mbam-log-2011-03-13 (20-53-57).txt

Scan type: Quick scan
Objects scanned: 166348
Time elapsed: 3 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Mossydog
Regular Member
 
Posts: 32
Joined: January 12th, 2005, 12:42 pm
Location: Seattle
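The OTL fix log above is long, and the lines that matter to a helper (an alternate data stream removed, the HOSTS file replaced, a Security Center registry value written, items the script could not find) are buried among hundreds of routine prefetch moves and byte counts. As an added example, not part of Mossydog's post and not code from OTL or its author, here is a small Python parser for that log format. It assumes only the line shapes visible in the posted log; the function names (parse_otl_fix_log, review_points) are mine, and SAMPLE_LOG is a constructed excerpt that copies a handful of those line shapes rather than the whole log.

```python
import re
from collections import Counter

# Constructed sample: a short excerpt in the shape of the OTL fix log posted above.
# Only the line formats matter; the real log has hundreds of such lines.
SAMPLE_LOG = r"""
ADS C:\Documents and Settings\All Users\Application Data\TEMP:249A49F7 deleted successfully.
========== FILES ==========
C:\Documents and Settings\The Moss Family\Desktop\cmd.bat deleted successfully.
C:\WINDOWS\prefetch\OTL.EXE-1A508659.pf moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: The Moss Family
->Temp folder emptied: 481811409 bytes
->Java cache emptied: 37994107 bytes

%systemroot% .tmp files removed: 0 bytes
RecycleBin emptied: 659046584 bytes

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\ZLT05407.TMP not found!
"""

# "ADS <path> deleted successfully." / "<path> moved successfully." / "File\Folder <path> not found!"
ACTION_RE = re.compile(
    r"^(?:(?P<kind>ADS|File\\Folder) )?(?P<target>.+?) "
    r"(?P<action>deleted|moved|not found)(?: successfully)?[.!]?$"
)
# "->Temp folder emptied: N bytes" / "%systemroot% .tmp files removed: N bytes"
BYTES_RE = re.compile(r"^(?:->)?(?P<what>.+?) (?:emptied|removed): (?P<bytes>\d+) bytes$")
# 'HKEY_...\Key\\"ValueName"|dword:00000000 /E : value set successfully!'
REG_RE = re.compile(
    r'^(?P<key>HKEY_[A-Z_]+\\[^"]+?)\\\\"(?P<name>[^"]+)"\|(?P<data>\S+) '
    r"/E : value set successfully!$"
)


def parse_otl_fix_log(text):
    """Summarise what an OTL fix script actually did, from its log text."""
    summary = {
        "actions": Counter(),   # (kind, action) -> count, e.g. ("file", "moved")
        "ads_deleted": [],      # NTFS alternate data streams the script removed
        "registry_set": [],     # (key, value name, data) written by the script
        "hosts_reset": False,   # True when the HOSTS file was replaced
        "not_found": [],        # targets the script named but could not locate
        "bytes_emptied": 0,     # total of every "... emptied/removed: N bytes" line
        "prefetch_moved": 0,    # .pf files moved out of the prefetch folder
        "unparsed": [],         # lines this parser does not understand
    }
    for raw in text.splitlines():
        line = raw.strip()
        # Section banners, [EMPTYTEMP]-style headers and "User:" labels carry no action.
        if not line or line.startswith(("=", "[", "User:")):
            continue
        if line == "HOSTS file reset successfully":
            summary["hosts_reset"] = True
            continue
        m = REG_RE.match(line)
        if m:
            summary["registry_set"].append((m.group("key"), m.group("name"), m.group("data")))
            continue
        m = BYTES_RE.match(line)
        if m:
            summary["bytes_emptied"] += int(m.group("bytes"))
            continue
        m = ACTION_RE.match(line)
        if m:
            kind = "ADS" if m.group("kind") == "ADS" else "file"
            action, target = m.group("action"), m.group("target")
            summary["actions"][(kind, action)] += 1
            if kind == "ADS":
                summary["ads_deleted"].append(target)
            if action == "not found":
                summary["not_found"].append(target)
            if action == "moved" and "\\prefetch\\" in target.lower():
                summary["prefetch_moved"] += 1
            continue
        summary["unparsed"].append(line)
    return summary


def review_points(summary):
    """The lines a helper would want to look at by hand after the fix ran."""
    points = []
    for ads in summary["ads_deleted"]:
        points.append("alternate data stream removed: " + ads)
    if summary["hosts_reset"]:
        points.append("HOSTS file replaced; any redirects it held are gone")
    for key, name, data in summary["registry_set"]:
        points.append("registry value written: %s -> %s = %s" % (key, name, data))
    for item in summary["not_found"]:
        points.append("named by the script but not present: " + item)
    return points


if __name__ == "__main__":
    result = parse_otl_fix_log(SAMPLE_LOG)
    for point in review_points(result):
        print(point)
    print("prefetch files moved: %d" % result["prefetch_moved"])
    print("bytes emptied: %d (%.2f MB)" % (result["bytes_emptied"], result["bytes_emptied"] / 1048576.0))
```

Lines the parser does not recognise are kept in the "unparsed" list rather than silently dropped, so a new OTL line format shows up as something to look at instead of disappearing from the summary.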