MalwareRemoval.com forum thread
Double click adware?

Post by AndyGitane » January 1st, 2011, 3:51 pm

Hasn't popped up as much lately. Sometimes it opens a new window to some ad site, dating, get rich. Sometimes a blank new window. Once in a while, it will populate the current window. Often, if I close the second window it will close all other open internet windows. I use Firefox.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:45 PM, on 1/1/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.1\iobitToolbarIE.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe /startup
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7448389587
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5880 bytes

Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.2
Advanced SystemCare 3
AnswerWorks 5.0 English Runtime
ArcSoft TotalMedia Backup
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Auslogics Disk Defrag
AVG 2011
AVG 2011
AVG 2011
AVG PC Tuneup 2011
Broadcom 802.11 Driver
Conexant 56K ACLink Modem
DC8
Game Booster
HiJackThis
Hotfix for Windows XP (KB2443685)
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
IObit Security 360
IObit Toolbar v4.1
Java(TM) 6 Update 22
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PhotoScape
Quicken 2009
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923789)
Update for Windows XP (KB2467659)
Windows XP Service Pack 3
WinPatrol 2010
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm

Re: Double click adware?

Post by Bob4 » January 2nd, 2011, 8:21 am

Welcome to the Forums.

The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
The process is not instant.
Please continue to review my answers until I tell you your machine is clear.
Absence of symptoms does not mean that everything is clear.
So let's do this to the end!



  • Save and quit any work you're doing before beginning the fix.
  • All HijackThis logs I ask for should be done in normal mode (not safe mode).
  • These logs should be done last, after you have followed my instructions in the previous post.
  • DO NOT install new programs while we are fixing this machine.
  • Be sure to use the subscribe button to receive notification by Email that you have been replied to.
    If I do not hear from you in 3 days from my last post this topic will be closed. You will need to start another.


Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!


NOTE to Vista and Windows 7 users:
For any tool I ask you to run you will need to right click on it and choose "Run as Administrator".




______________________________
HiJackThis
Run HijackThis
(Windows 7 or Vista users please right click and choose "Run as administrator".)
and choose scan only and place a check by the following lines, if present.
Close all other windows and browsers except HJT before clicking on Fix Checked.

R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.1\iobitToolbarIE.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKCU\..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe /startup

Close that.


___________________________________________
Uninstall Programs
Start / Control Panel / Add or Remove Programs;
and uninstall:

IObit Security 360
IObit Toolbar v4.1






please do the following:
  • Download a diagnostic tool (MGADiag.exe) from >here< and save this to your Desktop.
  • Double-click on MGADiag.exe.
  • When the program has finished, click on the Validation tab and then click on Copy to Clipboard
  • Please post the results in your next reply.




_____________________________________________
RSIT
  • Download Random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


This log will also produce a Hijackthis log so NO reason to post one of those.

_________________________
In your next reply I would like to see:
  • The report from RSIT
  • The report from MGADIAG
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
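The HijackThis step above hands the poster a list of lines to tick "if present". As an added example, not code from this thread, from HijackThis or from MalwareRemoval.com, here is a small Python parser for HijackThis 2.0-style log lines of the kinds that appear in the posted log (R1, R3, O2, O3, O4, O23). It checks which lines of a helper's fix list are actually present in a log, groups lines that share one CLSID (the AVG toolbar DLL is registered as both a URLSearchHook and a BHO, so two lines belong to one component), and lists autostart entries that name a bare filename with no directory, which a reviewer would want to resolve to a real file before deciding anything. The sample lines are copied from the log posted above into a constructed fixture; the function names and the handling of other O-sections are my assumptions, not HijackThis's own API.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed fixture: entries copied from the HijackThis 2.0.4 log posted in
# this thread, so the parser can be run offline against realistic input.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.1\iobitToolbarIE.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe /startup
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
"""

# A helper's "Fix checked" list (constructed): two lines are in the fixture, one is not.
FIX_LIST = [
    r"R3 - URLSearchHook: IObit Toolbar - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - C:\Program Files\IObit Toolbar\IE\4.1\iobitToolbarIE.dll",
    r"O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll",
    r"O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe",
]

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")


@dataclass
class Entry:
    section: str          # "R3", "O2", "O4", "O23", ...
    name: str             # display name or Run value name
    clsid: Optional[str]  # GUID for hook/BHO/toolbar entries, else None
    path: str             # file path or command exactly as HijackThis printed it
    raw: str              # whole line, whitespace-normalised


def _norm(line: str) -> str:
    return " ".join(line.split())


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis line; returns None for lines that are not entries."""
    line = _norm(line)
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O4":
        r = RUN_RE.match(body)
        if r:
            return Entry(section, r.group("name"), None, r.group("cmd"), line)
        name, _, path = body.partition(" = ")       # e.g. "Global Startup: X.lnk = path"
        return Entry(section, name, None, path, line)
    g = GUID_RE.search(body)
    if g:
        # "<kind>: <name> - {CLSID} - <path>"
        head, tail = body[:g.start()], body[g.end():]
        name = head.rstrip(" -")
        name = name.split(": ", 1)[1] if ": " in name else name
        return Entry(section, name, g.group(0).upper(), tail.lstrip(" -"), line)
    # Generic "<kind>: <name> - <company> - <path>" (O23) or a single field (R1)
    parts = [p.strip() for p in body.split(" - ")]
    name = parts[0].split(": ", 1)[-1]
    return Entry(section, name, None, parts[-1] if len(parts) > 1 else "", line)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def find_fix_lines(entries: List[Entry], fix_lines: List[str]) -> Dict[str, bool]:
    """Which lines of a fix list are present in the log (whitespace-insensitive)."""
    present = {e.raw for e in entries}
    return {_norm(f): _norm(f) in present for f in fix_lines}


def shared_clsids(entries: List[Entry]) -> Dict[str, List[str]]:
    """CLSIDs registered in more than one section, i.e. several lines = one component."""
    by_clsid: Dict[str, List[str]] = {}
    for e in entries:
        if e.clsid:
            by_clsid.setdefault(e.clsid, []).append(e.section)
    return {c: s for c, s in by_clsid.items() if len(s) > 1}


def bare_filename_autostarts(entries: List[Entry]) -> List[Entry]:
    """O4 Run entries whose command has no drive or directory. The executable is
    resolved through the search path at logon, so the log line alone does not say
    which file runs; confirm its real location before judging the entry."""
    out = []
    for e in entries:
        if e.section != "O4" or not e.path:
            continue
        exe = e.path.split()[0].strip('"')
        if "\\" not in exe and ":" not in exe:
            out.append(e)
    return out


def unknown_owner_services(entries: List[Entry]) -> List[Entry]:
    """O23 services whose binary carries no publisher information."""
    return [e for e in entries if e.section == "O23" and "Unknown owner" in e.raw]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_HJT_LOG)
    for line, found in find_fix_lines(entries, FIX_LIST).items():
        print(("present " if found else "absent  ") + line[:60])
    print("shared CLSIDs:", shared_clsids(entries))
    print("bare-filename autostarts:", [e.name for e in bare_filename_autostarts(entries)])
    print("unknown-owner services:", [e.name for e in unknown_owner_services(entries)])
```

Matching is done on whole normalised lines on purpose: a fix list is meant to apply to exactly the entries the helper saw, so a line that differs in CLSID or path from what is in the log is reported as absent rather than matched loosely.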

Re: Double click adware?

Post by AndyGitane » January 2nd, 2011, 3:07 pm

My computer was rebuilt by a local tech. I had a virus, possibly from the wireless service at my apartment? Shortly after that, I think when I downloaded Adobe, that I started having this malware problem, although other tenants here have mentioned a similar problem. I believe the manager has reset the server?

I was reading the Forum yesterday and saw a similar post. I forgot to mention that my computer does take a long time to boot, AVG & Scotty are working? And probably takes 2 minutes to shutdown.

I didn't understand this request. I did see the automated response via my Yahoo account.
"Be sure to use the subscribe button to receive notification by Email that you have been replied to."

Ran Hijack This, clicked on the 6 lines you requested, Fix Checked, closed program.
Opened Control Panel, Add/Remove programs, Removed two IOBit programs.
Clicked on your link to MGADiag.exe, Windows tab, Validation, copied below.
Clicked on your link to RSIT, Continue, HijackThis started to run, then froze? Opened Task Manager, which said not responding. End task, logged off of Malware site and closed Firefox. Tried again. Same thing, but let it run for 30 minutes, no progress on the bar.
MGA report below:
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-CBWQ6-KXCWP-TVM93
Windows Product Key Hash: AJDKDaFXzxs23dTJdvdhPHVROls=
Windows Product ID: 76487-640-5839656-23923
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {1AE7C523-477E-41C5-887E-75CEE7293C18}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{1AE7C523-477E-41C5-887E-75CEE7293C18}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-TVM93</PKey><PID>76487-640-5839656-23923</PID><PIDType>1</PIDType><SID>S-1-5-21-299502267-839522115-1343024091</SID><SYSTEM><Manufacturer>Hewlett-Packard </Manufacturer><Model>Presario 2500 (DK558A) </Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies Ltd.</Manufacturer><Version>KF_KH.F.06</Version><SMBIOSVersion major="2" minor="3"/><Date>20030403000000.000000+000</Date></BIOS><HWID>1DA93B07018400D2</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Mountain Standard Time(GMT-07:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>23713E656FDBD00</Val><Hash>wqozWr9Z3LpmT7ggxlEO9Re1Ji0=</Hash><Pid>73931-640-2976533-57624</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 13910:Compaq Computer Corporation|13966:Compaq Computer Corporation|13966:Compaq Computer Corporation|13966:Hewlett-Packard Company|9BEA:Semp Toshiba Informatica Ltda|9BEA:TOSHIBA CORPORATION
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm

Re: Double click adware?

Post by Bob4 » January 2nd, 2011, 4:33 pm

I didn't understand this request. I did see the automated response via my Yahoo account.
"Be sure to use the subscribe button to receive notification by Email that you have been replied to."
As long as you receive email that I have replied to your post we are good there. If after I post back we go more than 3 days this topic will be closed. Even if you do not receive an email check back to be sure. Stuff happens. :roll:
I was reading the Forum yesterday and saw a similar post.
Be very careful here. Do not follow advice designed for someone else's computer. Results could/will be less than desirable.




_______________________________________
Download OTL (by Oldtimer) to your desktop from one of these locations:
here 1
here 2

  • Click on it to open
  • Everything on the left (6 boxes) should be checked as "Use Safe List"
  • Be sure Standard Output is checked. << Gives me time to go through all that :lol:
  • Now click Scan Now

  When it's done, 2 files will be on your desktop. One will auto open.
  • OTListIt.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
  • Copy the contents of both those in your next reply.





_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from OTL
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Double click adware?

Post by AndyGitane » January 2nd, 2011, 5:54 pm

OTL logfile created on: 1/2/2011 2:42:45 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Gary\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 163.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 30.42 Gb Free Space | 81.68% Space Free | Partition Type: NTFS

Computer Name: GARY-8A733E5E27 | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/02 14:40:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/12/01 04:14:46 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/12/01 04:14:14 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/11/23 13:34:16 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/05/26 16:15:11 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/10 13:39:30 | 000,315,392 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
PRC - [2003/05/21 14:35:50 | 000,004,608 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\carpserv.exe


========== Modules (SafeList) ==========

MOD - [2011/01/02 14:40:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/03/26 11:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/11/23 13:34:14 | 006,128,208 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/06 10:31:48 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2003/03/09 20:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2004/08/04 17:05:20 | 000,341,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/08/04 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/08/03 15:32:22 | 000,231,552 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97ali.sys -- (aliadwdm)
DRV - [2004/05/15 20:29:12 | 000,701,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/05/21 14:35:56 | 000,030,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\strmdisp.sys -- (StreamDispatcher)
DRV - [2003/05/21 14:33:54 | 000,179,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWALI.sys -- (HSFHWALI)
DRV - [2003/05/21 14:32:32 | 000,631,296 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/05/21 14:31:22 | 001,063,040 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2001/08/17 06:49:02 | 000,026,624 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alifir.sys -- (ALiIRDA)
DRV - [2001/08/17 05:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/27 14:08:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2010/10/22 08:36:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 18:06:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/15 18:06:12 | 000,000,000 | ---D | M]

[2010/10/18 22:10:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2010/10/22 08:56:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\bbgyvvhz.default\extensions
[2011/01/02 11:01:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/14 11:08:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/27 14:08:01 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2010/11/14 11:07:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/14 11:07:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CARPService] C:\WINDOWS\System32\carpserv.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe (ArcSoft, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7448389587 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/17 23:25:10 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/02 14:40:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2011/01/02 11:08:52 | 000,000,000 | ---D | C] -- C:\rsit
[2011/01/02 11:03:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2011/01/02 11:03:00 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Gary\Desktop\MGADiag.exe
[2011/01/01 12:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/01 12:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\HiJackThis
[2010/12/30 15:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Diamond Cut Audio
[2010/12/30 15:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Diamond Cut Productions
[2010/12/28 20:55:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Desktop\RMHP
[2010/12/24 16:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Game Booster
[2010/12/21 13:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\My Documents\Resume soon
[2010/12/16 20:30:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\My Documents\Downloads
[2010/12/16 19:28:48 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/16 19:23:32 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/10 16:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\My Documents\Photos
[2010/12/08 13:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\My Documents\ArcSoft
[2010/12/08 12:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\ArcSoft
[2010/12/08 12:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ArcSoft TotalMedia Backup
[2010/12/08 12:34:00 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/12/04 11:37:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gary\Recent
[2003/04/09 12:13:50 | 000,577,536 | ---- | C] (Hewlett-Packard) -- C:\Program Files\Common Files\Setup.exe
[2003/03/09 20:30:44 | 000,184,320 | ---- | C] (HP) -- C:\Program Files\Common Files\hpzscr07.dll
[2003/03/09 20:30:42 | 000,274,432 | ---- | C] (HP) -- C:\Program Files\Common Files\hpzglu07.exe
[2003/03/09 20:30:42 | 000,237,568 | ---- | C] (Hewlett-Packard Co.) -- C:\Program Files\Common Files\hpzc3212.dll
[2002/09/09 17:48:20 | 000,022,608 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\usbprint.sys
[2002/09/09 17:48:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\usbmon.dll
[2002/09/09 17:47:52 | 000,254,005 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\msvcrt.dll
[2002/09/09 17:47:44 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\msvcirt.dll
[2002/09/09 17:47:00 | 000,212,992 | ---- | C] (HP) -- C:\Program Files\Common Files\hpzpnp07.dll
[2002/09/09 17:46:50 | 000,049,212 | ---- | C] (Hewlett-Packard) -- C:\Program Files\Common Files\hpzjvp01.dll
[2002/09/09 17:46:42 | 000,249,913 | ---- | C] (Hewlett-Packard) -- C:\Program Files\Common Files\hpzjut01.dll
[2002/09/09 17:46:32 | 000,417,849 | ---- | C] (Hewlett-Packard) -- C:\Program Files\Common Files\hpzjpp01.dll
[2002/09/09 17:46:24 | 000,028,722 | ---- | C] (Hewlett-Packard) -- C:\Program Files\Common Files\hpzjlog.dll
[2002/09/06 09:54:56 | 000,995,383 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\MFC42.DLL
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/02 14:40:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\Desktop\OTL.exe
[2011/01/02 14:33:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/02 14:32:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/02 11:08:03 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\RSIT.exe
[2011/01/02 11:03:10 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Gary\Desktop\MGADiag.exe
[2011/01/02 10:48:48 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\HiJackThis.lnk
[2011/01/02 08:57:10 | 103,260,215 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/01/01 20:24:38 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Thumb done wrong.doc
[2011/01/01 16:32:14 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Invoice 2011-01.doc
[2011/01/01 13:39:20 | 000,301,221 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Odessa Xmas.jpg
[2011/01/01 12:31:59 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\HiJackThis.msi
[2011/01/01 09:11:20 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/31 21:00:32 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1288148103.job
[2010/12/31 20:15:40 | 001,379,280 | R--- | M] () -- C:\Documents and Settings\Gary\Desktop\I_have_no_secrets.wmv
[2010/12/31 09:03:35 | 000,540,220 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Turkey trot video.wav
[2010/12/31 09:03:35 | 000,031,316 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Turkey trot video.pkf
[2010/12/31 08:52:59 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DC8.lnk
[2010/12/30 09:55:31 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2010/12/30 09:34:02 | 000,000,191 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\DPE.DUS
[2010/12/28 11:25:47 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Back from a recent road trip.doc
[2010/12/24 16:53:16 | 000,768,000 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Presidiio, TX.doc
[2010/12/24 16:36:44 | 000,000,755 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2010/12/23 19:18:31 | 000,814,592 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Christmas card1.pub
[2010/12/23 14:51:19 | 000,814,592 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\Christmas card.pub
[2010/12/21 13:47:03 | 000,036,352 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Gary Rossmiller.doc
[2010/12/18 08:35:12 | 000,000,389 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Photos.lnk
[2010/12/16 19:57:28 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/16 19:46:23 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/08 12:35:45 | 000,000,020 | -HS- | M] () -- C:\ArcDeviceInfo
[2010/12/08 12:34:31 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
[2010/12/08 12:34:28 | 000,001,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TotalMedia Backup.lnk
[2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/02 11:08:00 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\RSIT.exe
[2011/01/01 19:08:52 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\Thumb done wrong.doc
[2011/01/01 16:32:13 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\Invoice 2011-01.doc
[2011/01/01 13:39:19 | 000,301,221 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Odessa Xmas.jpg
[2011/01/01 12:33:48 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\HiJackThis.lnk
[2011/01/01 12:31:51 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\HiJackThis.msi
[2010/12/31 20:15:40 | 001,379,280 | R--- | C] () -- C:\Documents and Settings\Gary\Desktop\I_have_no_secrets.wmv
[2010/12/31 09:03:35 | 000,031,316 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\Turkey trot video.pkf
[2010/12/31 09:02:45 | 000,540,220 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\Turkey trot video.wav
[2010/12/30 15:10:59 | 000,002,451 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DC8.lnk
[2010/12/27 13:49:31 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\DPE.DUS
[2010/12/24 16:53:15 | 000,768,000 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\Presidiio, TX.doc
[2010/12/24 16:36:44 | 000,000,755 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2010/12/23 19:17:03 | 000,814,592 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\Christmas card1.pub
[2010/12/23 11:49:49 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\Back from a recent road trip.doc
[2010/12/22 19:16:46 | 000,814,592 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\Christmas card.pub
[2010/12/21 13:41:24 | 000,036,352 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Gary Rossmiller.doc
[2010/12/21 13:36:59 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\files.xls
[2010/12/18 08:35:11 | 000,000,389 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Photos.lnk
[2010/12/16 19:33:56 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/12/08 12:35:45 | 000,000,020 | -HS- | C] () -- C:\ArcDeviceInfo
[2010/12/08 12:34:31 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Backup Monitor.lnk
[2010/12/08 12:34:28 | 000,001,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TotalMedia Backup.lnk
[2010/11/09 20:22:41 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/10/26 19:31:37 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/10/21 11:46:40 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/19 01:22:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/17 17:07:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/22 09:46:52 | 002,719,744 | ---- | C] () -- C:\Program Files\Common Files\aiodrv.msi
[2003/04/22 09:42:04 | 002,588,672 | ---- | C] () -- C:\Program Files\Common Files\aiosw.msi
[2003/04/22 09:24:10 | 000,016,606 | ---- | C] () -- C:\Program Files\Common Files\hpomdl01.dat
[2003/04/22 09:24:02 | 000,019,469 | ---- | C] () -- C:\Program Files\Common Files\autorun.inf
[2003/04/22 09:23:58 | 000,000,267 | ---- | C] () -- C:\Program Files\Common Files\readme.html
[2003/04/09 17:19:46 | 000,002,848 | ---- | C] () -- C:\Program Files\Common Files\hpound08.inf
[2003/04/09 17:19:42 | 000,014,157 | ---- | C] () -- C:\Program Files\Common Files\hpousc08.inf
[2003/04/09 17:00:50 | 000,002,889 | ---- | C] () -- C:\Program Files\Common Files\hpousb08.inf
[2003/04/09 17:00:48 | 000,004,715 | ---- | C] () -- C:\Program Files\Common Files\hpoglu08.inf
[2003/03/20 15:20:50 | 000,022,523 | ---- | C] () -- C:\Program Files\Common Files\HPZius12.cat
[2003/03/20 15:20:48 | 000,022,082 | ---- | C] () -- C:\Program Files\Common Files\hpzist12.cat
[2003/03/20 15:20:46 | 000,024,728 | ---- | C] () -- C:\Program Files\Common Files\HPZipr12.cat
[2003/03/20 15:20:44 | 000,022,082 | ---- | C] () -- C:\Program Files\Common Files\HPZid412.cat
[2003/03/20 15:20:42 | 000,021,641 | ---- | C] () -- C:\Program Files\Common Files\HPOunp08.cat
[2003/03/20 15:20:40 | 000,024,285 | ---- | C] () -- C:\Program Files\Common Files\hposcu08.cat
[2003/03/20 15:20:38 | 000,205,503 | ---- | C] () -- C:\Program Files\Common Files\hpoprn08.cat
[2003/03/09 20:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/03/09 20:30:44 | 000,016,352 | ---- | C] () -- C:\Program Files\Common Files\HPZUCI12.DLL
[2003/03/09 20:30:44 | 000,014,285 | ---- | C] () -- C:\Program Files\Common Files\hpzius12.inf
[2003/03/09 20:30:44 | 000,010,325 | ---- | C] () -- C:\Program Files\Common Files\hpzipr12.inf
[2003/03/09 20:30:44 | 000,003,667 | ---- | C] () -- C:\Program Files\Common Files\hpzist12.inf
[2003/03/09 20:30:42 | 000,063,562 | ---- | C] () -- C:\Program Files\Common Files\hposcu08.inf
[2003/03/09 20:30:42 | 000,051,266 | ---- | C] () -- C:\Program Files\Common Files\hpoprn08.inf
[2003/03/09 20:30:42 | 000,033,952 | ---- | C] () -- C:\Program Files\Common Files\hpzid412.inf
[2003/03/09 20:30:42 | 000,023,186 | ---- | C] () -- C:\Program Files\Common Files\hpzcin06.ex_
[2003/03/09 20:30:42 | 000,003,898 | ---- | C] () -- C:\Program Files\Common Files\hpounp08.inf
[2003/01/07 12:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/09 17:48:02 | 000,458,752 | ---- | C] () -- C:\Program Files\Common Files\tls704d.dll
[2002/09/09 17:47:36 | 000,055,155 | ---- | C] () -- C:\Program Files\Common Files\hpzusb00.sy_
[2002/09/09 17:47:26 | 000,005,705 | ---- | C] () -- C:\Program Files\Common Files\hpzuci02.dl_
[2002/09/09 17:47:08 | 000,025,639 | ---- | C] () -- C:\Program Files\Common Files\hpzpom04.dl_
[2002/09/09 17:46:16 | 000,052,552 | ---- | C] () -- C:\Program Files\Common Files\hpziou01.dl_
[2002/09/09 17:46:06 | 000,046,017 | ---- | C] () -- C:\Program Files\Common Files\hpzion00.sy_

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 1/2/2011 2:42:45 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Gary\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 163.00 Mb Available Physical Memory | 37.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 30.42 Gb Free Space | 81.68% Space Free | Partition Type: NTFS

Computer Name: GARY-8A733E5E27 | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04E7A3BB-DB38-481C-A809-35FA60C78EDF}" = AVG 2011
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{87A54796-0620-4899-BAF7-7778A7FB54CB}" = ArcSoft TotalMedia Backup
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F572F682-E1FD-48F2-BFBF-26C8AFDC990A}" = DC8
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Driver
"CNXT_MODEM_PCI_VEN_10B9&DEV_5457&SUBSYS_0850103C" = Conexant 56K ACLink Modem
"Game Booster_is1" = Game Booster
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PhotoScape" = PhotoScape
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol 2010

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/19/2010 12:47:09 AM | Computer Name = GARY-8A733E5E27 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 10/19/2010 12:48:57 AM | Computer Name = GARY-8A733E5E27 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/8/2010 3:31:59 PM | Computer Name = GARY-8A733E5E27 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/14/2010 10:44:08 PM | Computer Name = GARY-8A733E5E27 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 12/22/2010 11:56:49 PM | Computer Name = GARY-8A733E5E27 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 12/23/2010 6:29:47 PM | Computer Name = GARY-8A733E5E27 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

[ System Events ]
Error - 11/9/2010 9:58:18 PM | Computer Name = GARY-8A733E5E27 | Source = DCOM | ID = 10010
Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register
with DCOM within the required timeout.

Error - 11/24/2010 12:14:45 PM | Computer Name = GARY-8A733E5E27 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avgwd service.


< End of report >

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:50:40 PM, on 1/2/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\notepad.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7448389587
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4346 bytes
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm

Re: Double click adware?

Unread postby Bob4 » January 2nd, 2011, 9:43 pm

Hasn't popped up as much lately.
Is it still happening at all?



___________________________________________
Uninstall Programs
Start/control panel/add remove programs ;
And Uninstall if present

Advanced system care 3





______________________________
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
Double click to run it. (Right click and choose Run as Administrator in Vista or Win7)
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, if it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.


______________________________________________
Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the contents of that log.

If you accidentally close it you may find it here.
Start -> All Programs -> Malwarebytes' Anti-Malware -> Logs


_________________________
In your next reply I would like to see:

  • The report from Malwarebytes
  • The report from Nod32
  • When was the last time you saw the pop-up?
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Double click adware?

Unread postby AndyGitane » January 3rd, 2011, 1:32 am

Yes, it is still happening!
I visit fixedgeargallery.com, scroll down the left hand side to the comic strip.
Click on it and yehudamoon.com will open in a new window,
and another window:
hxxp://results.google-analytics.com/
Down in the taskbar it has:
"waiting for egotvonline.com", which eventually timed out with this message:
504 Gateway Time-out
nginx

Then I downloaded tfc.exe, that was very quick.
Then I clicked on the Malwarebytes' Anti-Malware link, which takes you to
techspot.com; is that okay? When the cursor is on the Anti-Malware hyperlink the following address
is displayed in the taskbar: hxxp://www.malwarebytes.org/mbam-download.php
I clicked on Download and bingo!!!
Two extra windows opened up:

Mozilla Firefox window 1
hxxp://www.epoclick.com/?ad=129403199
and
Mozilla Firefox window 2
hxxp://tmc01.info/tmc/to.php?id=top
with a floating window:
the page at hxxp://tmc01.info says:
One More thing!...Please click "OK" to continue.
(Obnoxious music and comedy!!!)
and an unresponsive script warning:
Script: chrome://mozapps/content/downloads/downloads.js:128

Regarding "Uninstall if present": it isn't present. I looked in Windows Components also.
Remove Advanced SystemCare 3: done.
I clicked to open Anti-Malware from the desktop and it said it was corrupted, download again.

Edit: Changed the links to hxxp:... in order to make them safe for readers.
Elrond
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm

Re: Double click adware?

Unread postby Bob4 » January 3rd, 2011, 8:05 am

Small favor: when posting links, just type out the name of the site. Posting links that may be a problem might let someone else click on them and go to a less than reputable site.


Then I clicked on the Malwarebytes' Anti-Malware which takes you to
techspot.com, is that okay?
Once you click on "Download free version" it should take you to cnet download dot com. Use the link I have supplied this time and try again.





_____________________________
Restore Hosts File

Download HostsXpert v4.1 and unzip it to your desktop.
  • Double click on HostsXpert.exe to launch the program.
  • Click on Make host file writable (if Available)
  • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
  • Click on Make ReadOnly to secure it against further infection (unless you plan to use another Hosts file).
  • Exit the program.




______________________________________________
Please download malwarebytes to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the contents of that log.

If you accidentally close it, you may find it here.
Start -> All Programs -> Malwarebytes' Anti-Malware -> Logs




_______________________________________
  • Open the ESET Online Scanner in Internet Explorer

    [NOTE: FIREFOX USERS will be presented with an additional download please follow the prompts and allow it to download and install it.]
  • Tick the box next to YES, I accept the Terms of Use. and click Start
  • Allow the ActiveX control to be installed by Internet Explorer
  • Once the ActiveX has finished loading click Start to initialize and update the scanner
  • When the Computer scan screen appears, leave Remove found threats UN-checked, but check the box next to Scan unwanted applications. Then click Scan to begin the scan.
  • Once complete and the summary page appears, press Start, copy/paste the following command into the search box and press Enter:
    notepad "C:\Program Files\EsetOnlineScanner\log.txt"
  • The log file should now appear in Notepad, copy and paste the contents in your next response.





_________________________
In your next reply I would like to see:
  • A new HJT log
  • The report from Malwarebytes
  • The report from Nod32 online.
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
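Added example, not code from this thread or from HostsXpert: the reason the helper has the hosts file restored is that a hosts entry can silently send a site name to an attacker's address (a redirect) or pin a security vendor's site to loopback so it never loads (a block). The script below parses a hosts file and separates such entries from the default `localhost` lines; the sample file, the `example*.test` names and the `203.0.113.5` address are constructed placeholders, and the default XP location of the file is noted in a comment.

```python
"""Classify hosts-file entries as default, block or redirect (added example)."""
import ipaddress

# Constructed sample hosts file; not the poster's real file.
# On Windows XP the real file is %SystemRoot%\system32\drivers\etc\hosts.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net         # block-list style entry
127.0.0.1       update.example-av.test  # pins an AV update site to loopback
203.0.113.5     www.example-bank.test   # sends a real site to a routable host
203.0.113.5     www.example-search.test
"""

# Names that are expected to point at loopback in a clean default file.
DEFAULT_NAMES = {"localhost"}


def parse_hosts(text):
    """Yield (address, hostname) pairs; skip comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address in the first column: ignore the line
        for name in parts[1:]:
            yield parts[0], name.lower()


def classify(addr, name):
    """Return 'default', 'block' or 'redirect' for one hosts entry.

    loopback / 0.0.0.0 targets only prevent a site from loading (block);
    any other target makes the browser connect somewhere else (redirect).
    """
    ip = ipaddress.ip_address(addr)
    if name in DEFAULT_NAMES and ip.is_loopback:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "block"
    return "redirect"


def audit_hosts(text):
    """Return {'block': [(name, addr), ...], 'redirect': [...]} for non-default entries."""
    report = {"block": [], "redirect": []}
    for addr, name in parse_hosts(text):
        kind = classify(addr, name)
        if kind != "default":
            report[kind].append((name, addr))
    return report


if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        for name, addr in entries:
            print(f"{kind:8s} {name} -> {addr}")
```

A block entry is not automatically malicious (ad-blocking hosts lists use the same form), but a block on an update or security-vendor site, and any redirect at all, is what the restore step is meant to undo; after restoring, the file should contain only the default lines.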

Re: Double click adware?

Unread postby AndyGitane » January 3rd, 2011, 1:05 pm

The Malware log got away from me. Sorry. Didn't save before I restarted. There were 4 infections, 3 pup? and one adware. Selected all, removed all. When I clicked on ESET download, I got another window from adsonline. ESET didn't find anything, log at bottom.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:01:05 AM, on 1/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup\uBBMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7448389587
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4378 bytes

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=ef5604ada13898448fef4013bb6885c4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-03 04:55:50
# local_time=2011-01-03 09:55:50 (-0700, Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1032 16777173 100 96 0 36410396 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=31024
# found=0
# cleaned=0
# scan_time=3349
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm

Re: Double click adware?

Unread postby Bob4 » January 3rd, 2011, 1:50 pm

Ok, something has been mentioned to me about one of the sites you listed.
The possibility exists that you have a hacked router.
Your router comes from the factory with a password that is public information.
In other words, anyone can get in and mess with your settings, causing the redirects you see now.
So this issue may not actually be on the computer but in the router itself.






Let's try this.

_______________________________________
Flush DNS Cache
  • Click the Microsoft Start logo in the bottom left corner of the screen
  • Click All Programs
  • Click Accessories
  • Double-click on Command Prompt
  • In the command window type the following, and then hit Enter: ipconfig /flushdns
    (note there's a space between ipconfig and / )
    You will see the following confirmation:
    Successfully flushed the DNS Resolver Cache

    You can copy and paste it, but that's a bit different in a CMD prompt window.
    Copy normally
    ipconfig /flushdns
    In the cmd window click on the top left corner and choose
    edit / paste
    then hit enter.



_____________________________________
Let's get that log from Malwarebytes so I can see it.
Open Malwarebytes >>click on the LOG tab
Open and copy the first report you had done.
It will be in dated values such as:
mbam-log-2009-01-02 (21-39-41).txt
I want the oldest log. That will be the earliest dated.




_________________________
In your next reply I would like to see:
  • Let me know what type of router you have.
  • The report from Malwarebytes
  • Have the pop-ups quit yet ?
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida
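Added example, not code from this thread: the helper's point is that a router still on its factory password can have its DNS settings changed, after which every machine behind it resolves names through a server the attacker chose, and flushing the local cache only clears stale answers, not the source of them. One check a practitioner can run on the affected machine is to compare the resolvers it is actually using (from `ipconfig /all`) against the ones it should be using. The sample output below is constructed in the XP `ipconfig /all` layout, and the `EXPECTED_RESOLVERS` allowlist is an assumption you would fill with your ISP's or chosen public resolver addresses.

```python
"""Flag unexpected DNS servers in `ipconfig /all` output (added example)."""
import ipaddress
import re

# Constructed sample of the relevant `ipconfig /all` lines on Windows XP.
# 198.51.100.53 is a documentation address standing in for a foreign resolver.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.1.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            198.51.100.53
"""

# Assumed allowlist: resolvers you know to be legitimate (ISP or public).
EXPECTED_RESOLVERS = {"203.0.113.2", "203.0.113.3"}

_LABEL = re.compile(r"\s*(Default Gateway|DNS Servers)[ .]*:\s*(\S*)")
_CONTINUATION = re.compile(r"^\s+\S+$")  # extra DNS server on an unlabelled line


def parse_ipconfig(text):
    """Return (default_gateway, [dns_servers]) from `ipconfig /all` text."""
    gateway, dns, collecting = None, [], False
    for line in text.splitlines():
        m = _LABEL.match(line)
        if m:
            key, val = m.group(1), m.group(2)
            collecting = key == "DNS Servers"
            if key == "Default Gateway" and val:
                gateway = val
            elif collecting and val:
                dns.append(val)
            continue
        # DNS Servers lists further addresses on indented, label-free lines
        if collecting and _CONTINUATION.match(line):
            dns.append(line.strip())
        else:
            collecting = False
    return gateway, dns


def assess_resolvers(gateway, dns, expected):
    """Map each resolver to 'router', 'expected' or 'unexpected'.

    'router' means the machine asks the router, which forwards upstream;
    that is normal, but it also means a changed upstream on the router is
    invisible here and must be checked in the router's own settings.
    """
    verdict = {}
    for addr in dns:
        ipaddress.ip_address(addr)  # raises ValueError on garbage input
        if addr == gateway:
            verdict[addr] = "router"
        elif addr in expected:
            verdict[addr] = "expected"
        else:
            verdict[addr] = "unexpected"
    return verdict


if __name__ == "__main__":
    gw, servers = parse_ipconfig(SAMPLE_IPCONFIG)
    for addr, kind in assess_resolvers(gw, servers, EXPECTED_RESOLVERS).items():
        print(f"{kind:10s} {addr}")
```

An `unexpected` resolver handed out by DHCP is the symptom to chase; when every resolver reports as `router`, log in to the router and compare its upstream DNS entries against the ISP's, since this check cannot see them from the PC.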

Re: Double click adware?

Unread postby AndyGitane » January 3rd, 2011, 2:41 pm

Successfully flushed the DNS.
when I opened yehudamoon, it opened a yellow pages ad.
We have a Motorola router, waiting for model #, I think 3347
The manager was with tech support this morning re: our service.
I believe the security setting may have
been turned off for the router!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5447

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

1/3/2011 8:33:55 AM
mbam-log-2011-01-03 (08-33-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 155555
Time elapsed: 32 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{b5c9bf17-b451-43ee-aa3e-f7b7f2ed40e4}\RP36\A0019998.rbf (PUP.Dealio) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b5c9bf17-b451-43ee-aa3e-f7b7f2ed40e4}\RP36\A0019999.rbf (PUP.Dealio) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b5c9bf17-b451-43ee-aa3e-f7b7f2ed40e4}\RP36\A0020000.rbf (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{b5c9bf17-b451-43ee-aa3e-f7b7f2ed40e4}\RP36\A0020001.rbf (PUP.Dealio) -> Quarantined and deleted successfully.
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm

Re: Double click adware?

Unread postby Bob4 » January 3rd, 2011, 3:31 pm

The manager was with tech support this morning re: our service.

Is this machine used in a business?
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Double click adware?

Unread postby AndyGitane » January 3rd, 2011, 5:50 pm

No, just for personal use. Currently unemployed, seasonal employment as a bike mechanic.
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm

Re: Double click adware?

Unread postby Bob4 » January 3rd, 2011, 7:29 pm

Have you got the model number for the router?
We need to reset it.
If you're comfortable doing this, go ahead. It may be all you need to do to have these ads go away.
There is usually a reset button for them.
I would look for a manual online for your specific model first though.

This may be the manual for the 3347
http://broadband.motorola.com/consumers ... NT-QSG.pdf
Bob4
MRU Master
 
Posts: 6073
Joined: November 12th, 2005, 11:26 am
Location: Florida

Re: Double click adware?

Unread postby AndyGitane » January 3rd, 2011, 8:28 pm

It is a Motorola 3347 and has been reset. I'm still getting pop-ups.
Don't know what to think. Another tenant said she didn't get pop-ups over the holidays traveling with her computer.
I am impressed by the level of service that you've given me. I'll forward a donation soon. There's a big difference between a techie computer guy and an actual IT Tech.
AndyGitane
Regular Member
 
Posts: 23
Joined: November 14th, 2010, 2:24 pm