  1. #1
    Member
    Join Date
    Nov 2009
    Posts
    12
    Points
    0

    Browser Hijack/Redirect

    I have been fighting to get what seems to be a hijacker off my computer. It began with the "Antivirus Pro 2009" attack a week ago, which I have since been able to get rid of with Malwarebytes, but my browsers have been getting hijacked since. I have gone my normal and more routes. Used Windows Livescan, Win Defender, AVG, Ad-Aware, but none have worked. I have attempted to start in safe mode and run a scan; however, I get an error regarding my video settings and cannot get safe mode to start. This may be irrelevant, but I thought I would include it.

    Any help you can provide is greatly appreciated.

    Below are the required scan logs.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:39:08 AM, on 11/18/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ATT-SST\McciTrayApp.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Safari\Safari.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HotSync] "C:\Program Files\palmOne\Hotsync.exe" -AllUsers
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8942.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1225239934468
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://webaccess.schneiderlogistics...erSetupSP1.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Unknown owner - C:\WINDOWS\system32\IcdSptSv.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9109 bytes

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 11/17/2009 at 09:27 PM

    Application Version : 4.30.1004

    Core Rules Database Version : 4285
    Trace Rules Database Version: 2160

    Scan type : Quick Scan
    Total Scan Time : 00:25:54

    Memory items scanned : 491
    Memory threats detected : 0
    Registry items scanned : 503
    Registry threats detected : 0
    File items scanned : 7967
    File threats detected : 200

    Adware.Tracking Cookie


    Malwarebytes' Anti-Malware 1.41
    Database version: 3192
    Windows 5.1.2600 Service Pack 3

    11/18/2009 6:27:01 AM
    mbam-log-2009-11-18 (06-27-01).txt

    Scan type: Full Scan (C:\|E:\|F:\|)
    Objects scanned: 271449
    Time elapsed: 1 hour(s), 22 minute(s), 2 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    Last edited by Canuck; 11-19-2009 at 04:27 PM.

  2. #2
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673


    Welcome to H2G.

    Open HijackThis and select Do a system scan only

    Vista users right click on HijackThis and select Run as Administrator. (you will receive a UAC prompt, please allow it)

    Place a check mark next to the following entries: (if there)

    • R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    • R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    • O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    • O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    • O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.

    ----------

    Download DDS from |HERE| or |HERE| or |HERE| and save it to your desktop.

    Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

    * XP users Double click on dds to run it.
    * If your antivirus or firewall tries to block DDS then please allow it to run.
    * When finished DDS will open two (2) logs.

    1) DDS.txt
    2) Attach.txt

    * Save both logs to your desktop.
    * Please copy and paste the entire contents of both logs in your next reply.

    Note: DDS will instruct you to post the Attach.txt log as an attachment.
    Please just post it as you would any other log by copy and pasting it into the reply.


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum
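
Added example, not part of the thread and not HijackThis's own code: a small Python parser for the HijackThis line format shown in post #1 that lists entries marked `(no file)` or `(file missing)` and shows which of their CLSIDs are registered under more than one section. The sample lines are copied from that log; the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in post #1 (a subset, for illustration).
SAMPLE_LOG = r"""
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Unknown owner - C:\WINDOWS\system32\IcdSptSv.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
"""

# A HijackThis entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")
# CLSIDs appear in braces, sometimes prefixed with "*".
CLSID_RE = re.compile(r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\}")
# Suffixes the tool prints when the registered target is absent on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per entry line; non-entry lines (headers, process list) are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": section,
            "clsid": clsid.group(1).upper() if clsid else None,
            "orphaned": body.endswith(ORPHAN_MARKERS),
            "raw": line.strip(),
        })
    return entries


def orphaned_entries(log_text):
    """Entries whose registration points at a file that is not present."""
    return [e for e in parse_entries(log_text) if e["orphaned"]]


def clsids_in_multiple_sections(log_text):
    """Map each orphaned CLSID to every section it appears in, when more than one.

    Useful when reviewing a log: the same CLSID can be registered as, say,
    both a BHO (O2) and a toolbar (O3), or be orphaned in one place while
    still backed by a file in another.
    """
    entries = parse_entries(log_text)
    sections = defaultdict(set)
    for e in entries:
        if e["clsid"]:
            sections[e["clsid"]].add(e["section"])
    orphan_ids = {e["clsid"] for e in entries if e["orphaned"] and e["clsid"]}
    return {c: sorted(sections[c]) for c in sorted(orphan_ids) if len(sections[c]) > 1}


if __name__ == "__main__":
    for e in orphaned_entries(SAMPLE_LOG):
        print("orphaned:", e["raw"])
    for clsid, secs in clsids_in_multiple_sections(SAMPLE_LOG).items():
        print("also registered under", ", ".join(secs), "->", clsid)
```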

  3. #3
    Member
    Join Date
    Nov 2009
    Posts
    12
    Points
    0


    Completed both tasks, but only the DDS.txt file was available following the scan. It did not automatically open the logs following the scan...this may be irrelevant. I ran a 2nd time to see if I missed something, but the same thing occurred. Thank you for your assistance. DDS.txt pasted below.

    Also, the files that remained in the folder I launched DDS from are: DDS.txt, svclist.dat, FILES00, DDS02, active_setup.dat, temp00, temp01, DbPath.




    DDDS (Ver_09-11-23.01) - NTFSx86
    Run by Curtis at 21:37:20.12 on Sun 11/22/2009
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1286 [GMT -5:00]

    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ATT-SST\McciTrayApp.exe
    C:\WINDOWS\vsnpstd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Curtis\My Documents\Downloads\dds.scr

  4. #4
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673


    Download random's system information tool (RSIT) by random/random from and save it to your Desktop.

    * Double click on RSIT.exe to run.
    * Click Continue at the disclaimer screen.
    * Once it has finished, two logs will open.
    * log.txt will be maximized and info.txt will be minimized.
    * Please post the contents of both logs in the next reply.

  5. #5
    Member
    Join Date
    Nov 2009
    Posts
    12
    Points
    0


    Thanks again, log and info files below.


    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Curtis at 2009-11-23 16:44:07
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 145 GB (76%) free of 191 GB
    Total RAM: 2046 MB (63% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:44:27 PM, on 11/23/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ATT-SST\McciTrayApp.exe
    C:\WINDOWS\vsnpstd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\palmOne\Hotsync.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Curtis\My Documents\Downloads\RSIT.exe
    C:\Program Files\Trend Micro\HijackThis\Curtis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
    O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [HotSync] "C:\Program Files\palmOne\Hotsync.exe" -AllUsers
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O4 - Startup: HotSync Manager.lnk = ?
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8942.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1225239934468
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://hgtv.view22.com/view22/app/view22rte.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://webaccess.schneiderlogistics...erSetupSP1.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Unknown owner - C:\WINDOWS\system32\IcdSptSv.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8930 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-11-10 1475864]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-14 41760]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-14 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
    SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]
    {D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-07-10 1174920]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-02-26 16125440]
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-16 7110656]
    "nwiz"=nwiz.exe /install []
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-07-16 86016]
    "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
    "ATT-SST_McciTrayApp"=C:\Program Files\ATT-SST\McciTrayApp.exe [2008-09-18 1529856]
    "snpstd"=C:\WINDOWS\vsnpstd.exe [2003-12-31 40960]
    "QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe [2009-09-05 417792]
    "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
    "AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-11-12 2020120]
    "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-14 149280]
    "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
    "HotSync"=C:\Program Files\palmOne\Hotsync.exe [2008-01-03 1392640]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-11-11 2001648]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

    C:\Documents and Settings\Curtis\Start Menu\Programs\Startup
    HotSync Manager.lnk - C:\Program Files\palmOne\Hotsync.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
    C:\WINDOWS\system32\avgrsstx.dll [2009-11-08 12464]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~3\MpShHook.dll [2006-11-03 83224]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoDispScrSavPage"=0
    "NoDispAppearancePage"=0
    "NoColorChoice"=0
    "NoSizeChoice"=0
    "NoDispCPL"=0
    "NoVisualStyleChoice"=0
    "NoDispSettingsPage"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    "NoActiveDesktopChanges"=0
    "NoActiveDesktop"=0
    "NoThemesTab"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
    "C:\Program Files\Grisoft\AVG7\avginet.exe"="C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe"
    "C:\Program Files\Grisoft\AVG7\avgamsvr.exe"="C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\Program Files\Grisoft\AVG7\avgcc.exe"="C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime"
    "C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat"="C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\game.dat:*:Enabled:The Battle for Middle-earth (tm)"
    "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
    "C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
    "C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

    ======List of files/folders created in the last 1 months======

    2009-11-23 16:44:07 ----D---- C:\rsit
    2009-11-22 16:24:22 ----D---- C:\Program Files\Ask.com
    2009-11-18 06:38:42 ----D---- C:\Program Files\Trend Micro
    2009-11-17 21:55:57 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2009-11-17 21:55:29 ----D---- C:\Program Files\CCleaner
    2009-11-17 20:58:51 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-11-17 20:58:40 ----D---- C:\Program Files\SUPERAntiSpyware
    2009-11-17 20:58:40 ----D---- C:\Documents and Settings\Curtis\Application Data\SUPERAntiSpyware.com
    2009-11-17 20:57:08 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-11-15 22:32:56 ----A---- C:\WINDOWS\system32\ieencode.dll
    2009-11-15 21:29:05 ----D---- C:\Program Files\ATT-PRT22-WISE
    2009-11-15 21:29:02 ----D---- C:\Program Files\ATT
    2009-11-15 15:36:21 ----A---- C:\WINDOWS\system32\lsdelete.exe
    2009-11-15 13:00:46 ----HDC---- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-11-15 13:00:26 ----D---- C:\Program Files\Lavasoft
    2009-11-14 10:09:15 ----D---- C:\Program Files\Windows Defender
    2009-11-14 08:44:46 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-11-14 08:44:46 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-11-14 08:44:46 ----A---- C:\WINDOWS\system32\java.exe
    2009-11-11 22:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
    2009-11-08 10:49:03 ----D---- C:\Documents and Settings\Curtis\Application Data\Malwarebytes
    2009-11-08 10:48:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-11-08 10:48:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-11-08 08:01:07 ----HD---- C:\$AVG
    2009-11-08 08:00:40 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    2009-11-08 08:00:18 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
    2009-11-08 07:59:29 ----D---- C:\WINDOWS\SxsCaPendDel
    2009-11-07 13:32:37 ----N---- C:\WINDOWS\system32\MpSigStub.exe
    2009-11-03 18:20:36 ----D---- C:\Program Files\MSECache
    2009-10-31 11:25:54 ----D---- C:\Documents and Settings\Curtis\Application Data\InstallShield Installation Information
    2009-10-31 10:35:14 ----D---- C:\Documents and Settings\Curtis\Application Data\InstallShield
    2009-10-31 08:09:00 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2009-10-29 16:02:42 ----D---- C:\Program Files\iPod
    2009-10-29 16:02:37 ----D---- C:\Program Files\iTunes
    2009-10-29 15:58:40 ----SHD---- C:\Config.Msi
    2009-10-24 11:09:26 ----D---- C:\Program Files\Digiarty

    ======List of files/folders modified in the last 1 months======

    2009-11-23 16:38:10 ----D---- C:\Program Files\Mozilla Firefox
    2009-11-23 16:34:45 ----D---- C:\WINDOWS\Temp
    2009-11-22 21:53:02 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-11-22 21:44:27 ----A---- C:\WINDOWS\NeroDigital.ini
    2009-11-22 21:26:14 ----D---- C:\WINDOWS\Prefetch
    2009-11-22 19:07:36 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-11-22 18:42:44 ----D---- C:\Program Files\PeerGuardian2
    2009-11-22 18:42:44 ----D---- C:\Documents and Settings\Curtis\Application Data\BitTorrent
    2009-11-22 16:24:28 ----SHD---- C:\WINDOWS\Installer
    2009-11-22 16:24:26 ----SD---- C:\WINDOWS\Tasks
    2009-11-22 16:24:22 ----RD---- C:\Program Files
    2009-11-22 16:24:09 ----D---- C:\Program Files\BitTorrent
    2009-11-18 17:23:08 ----D---- C:\WINDOWS
    2009-11-17 21:59:38 ----D---- C:\WINDOWS\Debug
    2009-11-17 21:55:48 ----D---- C:\Program Files\Yahoo!
    2009-11-17 20:57:08 ----D---- C:\Program Files\Common Files
    2009-11-16 15:59:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-11-16 15:59:14 ----D---- C:\WINDOWS\system32\en-US
    2009-11-16 15:59:13 ----HD---- C:\WINDOWS\inf
    2009-11-16 15:59:13 ----D---- C:\WINDOWS\system32
    2009-11-16 15:59:13 ----D---- C:\WINDOWS\Media
    2009-11-16 15:59:13 ----D---- C:\WINDOWS\Help
    2009-11-16 15:59:13 ----D---- C:\Program Files\Internet Explorer
    2009-11-15 23:00:47 ----D---- C:\WINDOWS\ie8updates
    2009-11-15 22:43:48 ----D---- C:\WINDOWS\system32\CatRoot
    2009-11-15 22:12:34 ----D---- C:\Program Files\Common Files\Motive
    2009-11-15 21:37:32 ----D---- C:\Documents and Settings\Curtis\Application Data\Juniper Networks
    2009-11-15 21:35:22 ----D---- C:\Program Files\Coupons
    2009-11-15 21:34:38 ----HD---- C:\Program Files\InstallShield Installation Information
    2009-11-15 21:34:38 ----D---- C:\Program Files\Sony
    2009-11-15 21:27:16 ----D---- C:\Program Files\palmOne
    2009-11-15 21:14:14 ----D---- C:\Program Files\Spybot - Search & Destroy
    2009-11-15 21:12:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-15 13:02:59 ----D---- C:\WINDOWS\system32\drivers
    2009-11-15 13:02:53 ----DC---- C:\WINDOWS\system32\DRVSTORE
    2009-11-15 13:00:21 ----D---- C:\WINDOWS\WinSxS
    2009-11-14 16:17:40 ----D---- C:\WINDOWS\system32\Restore
    2009-11-14 16:03:57 ----HD---- C:\WINDOWS\$hf_mig$
    2009-11-14 10:27:04 ----D---- C:\Program Files\Windows Live Safety Center
    2009-11-14 10:09:17 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2009-11-14 10:09:15 ----D---- C:\WINDOWS\pchealth
    2009-11-14 08:44:29 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-11-14 08:38:52 ----D---- C:\Program Files\Java
    2009-11-12 22:15:23 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2009-11-12 22:02:37 ----D---- C:\Backup Movie
    2009-11-08 08:00:44 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2009-11-08 08:00:19 ----D---- C:\Program Files\AVG
    2009-11-07 13:31:29 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2009-11-07 09:53:06 ----SD---- C:\WINDOWS\Downloaded Program Files
    2009-11-05 09:36:22 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-11-05 06:36:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-11-03 18:20:56 ----RSD---- C:\WINDOWS\Fonts
    2009-11-03 18:20:51 ----D---- C:\Program Files\Microsoft Office
    2009-10-31 11:27:02 ----D---- C:\WINDOWS\system32\DirectX
    2009-10-31 08:09:24 ----D---- C:\Documents and Settings\Curtis\Application Data\AdobeUM
    2009-10-31 08:07:06 ----D---- C:\Program Files\Adobe
    2009-10-29 16:02:41 ----D---- C:\Program Files\Common Files\Apple

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-08 333192]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-08 28424]
    R1 AvgTdiX;AVG8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-10 360584]
    R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
    R1 BS_I2cIo;BS_I2cIo; \??\C:\WINDOWS\system32\drivers\BS_I2cIo.sys []
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2005-04-14 141582]
    R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2006-03-15 43008]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-01 4484608]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-07-16 3198208]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
    R3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
    R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 CO_Mon;CO_Mon; \??\C:\WINDOWS\system32\Drivers\CO_Mon.sys []
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
    S3 ICDSX;Sony IC Recorder (SX); C:\WINDOWS\System32\Drivers\ICDSX.sys [2003-10-01 31744]
    S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
    S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
    S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
    S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
    S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 snpstd;GE 98063 EasyCam; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-02-19 299776]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
    R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-08 285392]
    R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-14 153376]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-11-22 1184912]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\Digiarty\WinX DVD Author 5.5\NMSAccessU.exe [2008-05-03 71096]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-16 127043]
    R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
    S2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
    S3 ICDSPTSV;Sony SPTI Service for DVE; C:\WINDOWS\system32\IcdSptSv.exe []
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

    -----------------EOF-----------------




    info.txt logfile of random's system information tool 1.06 2009-11-23 16:44:30

    ======Uninstall list======

    -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F268C239-DA79-4BFA-8C5D-EF7E899A295A}\Setup.exe" -l0x9
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7646-A70000000000}
    Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
    Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
    AT&T Self Support Tool-->C:\Program Files\ATT-SST\Uninstall.exe
    ATT-PRT22-->C:\PROGRA~1\ATT-PR~1\UNWISE.EXE C:\PROGRA~1\ATT-PR~1\INSTALL.LOG
    AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
    BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
    Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
    Canon iP1600-->C:\WINDOWS\system32\CNMCP75.exe "-PRINTERNAMECanon iP1600" "-HELPERDLLC:\Documents and Settings\All Users\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1600 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
    Cars Demo-->MsiExec.exe /X{8D361950-BDB3-40CF-B57C-53F9F4E5048A}
    CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
    Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\Setup.exe" -l0x9 UNINSTALL
    ForeAthlete Logbook-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B134F4A-6C37-48F6-944D-B709BB6DCE47}\Setup.exe" -l0x9
    Free iPod Video Converter 1.26-->"C:\Program Files\Free iPod Video Converter\unins000.exe"
    Garmin Training Center 3.4.3-->MsiExec.exe /X{CEAEEFA6-DEBC-4B16-8F04-84C81440CA32}
    Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
    Garmin WebUpdater-->MsiExec.exe /X{E0783143-EAE2-4047-A8D6-E155523C594C}
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Documents and Settings\Curtis\Local Settings\Temporary Internet Files\Content.IE5\1J63HKSS\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
    iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
    Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
    K-Lite Mega Codec Pack 1.25-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Logitech Gaming Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C1DA723-24FC-48AD-93BA-925695C3EF26}\setup.exe" -l0x9 -removeonly
    M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1-->"C:\Program Files\Tag Support Plugin for Media Player\unins000.exe"
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Merriam-Webster's SPELL-JAM (remove only)-->"C:\Program Files\Yahoo! Games\Merriam-Webster's SPELL-JAM\Uninstall.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
    Microsoft Money 2004-->MsiExec.exe /I{1D643CD4-4DD6-11D7-A4E0-000874180BB3}
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Nero 7 Premium-->MsiExec.exe /I{235BBFC6-D863-4066-A01A-3BD504C31033}
    NVDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7EC003A3-51E9-4019-BEC0-DF99B0DF5CCF}\setup.exe" -uninstall
    NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
    NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
    Palm Desktop by ACCESS-->MsiExec.exe /X{98F2555F-6749-49BA-949F-FC887831A524}
    PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
    Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
    QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
    Sony Player Plug-in for Windows Media Player-->C:\PROGRA~1\Sony\PLAYER~1\UNINST.EXE
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Text Twist (remove only)-->C:\Program Files\Yahoo! Games\TextTwist\Uninstall.exe {ADC4B5E2-AE11-A2BE-7EE5-4AED8B12145B}
    Text Twist-->MsiExec.exe /X{ADC4B5E2-AE11-A2BE-7EE5-4AED8B12145B}
    The Battle for Middle-earth (tm)-->C:\Program Files\EA GAMES\The Battle for Middle-earth (tm)\EAUninstall.exe
    Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
    Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
    VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
    VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
    VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    WarpSpeeder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EB4EAD4A-8A80-43A5-8B23-78A2F6B26298}\setup.exe"
    WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly
    WinAVIVideoConverter-->"C:\Program Files\WinAVIVideoConverter\unins000.exe"
    Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\grmnusb_09F3E629557EBE4D2BA1A9469BDAE635AC0807AE\grmnusb.inf
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Winflash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{242FBF70-03A3-4317-931F-FA7798F39A13}\setup.exe"
    WinRAR-->"C:\WINDOWS\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"
    WinX DVD Author 5.5.8-->"C:\Program Files\Digiarty\WinX DVD Author 5.5\unins000.exe"
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

    =====HijackThis Backups=====

    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) [2009-11-22]
    O3 - Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file) [2009-11-22]
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present [2009-11-22]
    R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) [2009-11-22]
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE [2009-11-22]

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 008k.com
    127.0.0.1 00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======Security center information======

    AV: AVG Anti-Virus Free

    ======System event log======

    Computer Name: CURTIS-8E041D59
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 4190
    Source Name: Tcpip
    Time Written: 20091009233902.000000-240
    Event Type: warning
    User:

    Computer Name: CURTIS-8E041D59
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 4189
    Source Name: Tcpip
    Time Written: 20091009204119.000000-240
    Event Type: warning
    User:

    Computer Name: CURTIS-8E041D59
    Event Code: 7000
    Message: The NTPort Library Driver service failed to start due to the following error:
    The specified driver is invalid.


    Record Number: 4168
    Source Name: Service Control Manager
    Time Written: 20091009170143.000000-240
    Event Type: error
    User:

    Computer Name: CURTIS-8E041D59
    Event Code: 7000
    Message: The NTPort Library Driver service failed to start due to the following error:
    The specified driver is invalid.


    Record Number: 4142
    Source Name: Service Control Manager
    Time Written: 20091008083859.000000-240
    Event Type: error
    User:

    Computer Name: CURTIS-8E041D59
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 4137
    Source Name: Tcpip
    Time Written: 20091007172825.000000-240
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: CURTIS-8E041D59
    Event Code: 1041
    Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Record Number: 3705
    Source Name: Userenv
    Time Written: 20091008102648.000000-240
    Event Type: error
    User: NT AUTHORITY\SYSTEM

    Computer Name: CURTIS-8E041D59
    Event Code: 1041
    Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Record Number: 3703
    Source Name: Userenv
    Time Written: 20091008084521.000000-240
    Event Type: error
    User: NT AUTHORITY\SYSTEM

    Computer Name: CURTIS-8E041D59
    Event Code: 1041
    Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Record Number: 3702
    Source Name: Userenv
    Time Written: 20091008084521.000000-240
    Event Type: error
    User: NT AUTHORITY\SYSTEM

    Computer Name: CURTIS-8E041D59
    Event Code: 1041
    Message: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

    Record Number: 3698
    Source Name: Userenv
    Time Written: 20091008083848.000000-240
    Event Type: error
    User: NT AUTHORITY\SYSTEM

    Computer Name: CURTIS-8E041D59
    Event Code: 1041
    Message: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

    Record Number: 3697
    Source Name: Userenv
    Time Written: 20091008083848.000000-240
    Event Type: error
    User: NT AUTHORITY\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\K-Lite Codec Pack\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
    "PROCESSOR_REVISION"=0407
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

    -----------------EOF-----------------

  6. #6
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673


    Go to Add or Remove Programs and uninstall:

    - Ask Toolbar



    Open HijackThis and select Do a system scan only

    Place a check mark next to the following entries: (if there)

    • O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript


    Important: Close all open windows except for HijackThis and then click Fix checked.

    Once completed, exit HijackThis.

    ----------

    If you already have ComboFix be sure to delete it and download a new copy.

    Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

    Link #1
    Link #2

    **Note: It is important that it is saved directly to your Desktop

    Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

    Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

    Double click combofix.exe & follow the prompts.
    Vista users: right-click on ComboFix.exe and select Run as administrator (you will receive a UAC prompt, please allow it).
    When finished ComboFix will produce a log for you.
    Post the ComboFix log in your next reply.

    Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

    Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

    If you have problems with ComboFix usage, see How to use ComboFix.



  7. #7
    Member
    Join Date
    Nov 2009
    Posts
    12
    Points
    0


    ComboFix 09-11-23.02 - Curtis 11/23/2009 21:29.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1352 [GMT -5:00]
    Running from: c:\documents and settings\Curtis\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .

    ((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
    .

    2009-11-24 02:03 . 2009-11-24 02:03 -------- d-----w- c:\documents and settings\Curtis\Application Data\AVG9
    2009-11-23 21:44 . 2009-11-23 21:44 -------- d-----w- C:\rsit
    2009-11-22 21:26 . 2009-11-12 22:36 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2009-11-22 21:26 . 2009-11-12 22:36 3963648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2009-11-22 21:26 . 2009-11-08 13:00 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2009-11-22 21:26 . 2009-11-10 14:17 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2009-11-18 11:38 . 2009-11-18 11:38 -------- d-----w- c:\program files\Trend Micro
    2009-11-18 02:55 . 2009-11-18 02:56 -------- d-----w- c:\program files\CCleaner
    2009-11-18 01:59 . 2009-11-22 21:32 117760 ----a-w- c:\documents and settings\Curtis\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-11-18 01:58 . 2009-11-18 01:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-11-18 01:58 . 2009-11-23 21:58 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-11-18 01:58 . 2009-11-18 01:58 -------- d-----w- c:\documents and settings\Curtis\Application Data\SUPERAntiSpyware.com
    2009-11-18 01:57 . 2009-11-18 01:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-11-16 21:21 . 2009-11-24 02:03 0 ----a-w- c:\documents and settings\Curtis\Local Settings\Application Data\prvlcl.dat
    2009-11-16 03:32 . 2009-08-29 07:36 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-11-16 03:32 . 2009-08-29 07:36 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
    2009-11-16 02:29 . 2009-11-16 03:10 -------- d-----w- c:\program files\ATT-PRT22-WISE
    2009-11-16 02:29 . 2009-11-16 02:29 -------- d-----w- c:\program files\ATT
    2009-11-15 20:36 . 2009-11-15 18:02 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2009-11-15 18:01 . 2009-11-22 21:33 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2009-11-15 18:01 . 2009-11-22 21:33 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2009-11-15 18:01 . 2009-11-22 21:33 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2009-11-15 18:00 . 2009-11-15 18:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2009-11-15 18:00 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
    2009-11-15 18:00 . 2009-11-15 18:00 -------- d-----w- c:\program files\Lavasoft
    2009-11-14 15:09 . 2009-11-14 15:09 -------- d-----w- c:\program files\Windows Defender
    2009-11-14 14:54 . 2009-11-14 14:54 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    2009-11-14 13:44 . 2009-11-14 13:44 152576 ----a-w- c:\documents and settings\Curtis\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-13 22:51 . 2009-11-13 22:51 -------- d-----w- c:\documents and settings\Amber\Local Settings\Application Data\AVG Security Toolbar
    2009-11-08 16:51 . 2009-11-08 16:51 -------- d-----w- c:\documents and settings\Amber\Application Data\Malwarebytes
    2009-11-08 15:49 . 2009-11-08 15:49 -------- d-----w- c:\documents and settings\Curtis\Application Data\Malwarebytes
    2009-11-08 15:48 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-08 15:48 . 2009-11-08 16:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-08 15:48 . 2009-11-08 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-11-08 15:48 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-08 13:17 . 2009-11-08 13:17 -------- d-----w- c:\documents and settings\Curtis\Local Settings\Application Data\AVG Security Toolbar
    2009-11-08 13:14 . 2009-10-16 17:12 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-11-08 13:01 . 2009-11-08 13:12 -------- d-----w- C:\$AVG
    2009-11-08 13:00 . 2009-11-14 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-11-08 13:00 . 2009-11-18 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2009-11-08 12:59 . 2009-11-08 12:59 -------- d-----w- c:\windows\SxsCaPendDel
    2009-11-07 18:32 . 2009-11-03 01:42 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-07 14:43 . 2009-11-08 16:07 -------- d-----w- c:\documents and settings\Curtis\Local Settings\Application Data\crlsvo
    2009-11-03 23:20 . 2009-11-03 23:20 -------- d-----w- c:\program files\MSECache
    2009-11-02 12:49 . 2009-11-02 13:07 -------- d-----w- c:\documents and settings\Amber\Local Settings\Application Data\Adobe
    2009-11-01 20:54 . 2009-11-01 21:00 -------- d-----w- c:\documents and settings\Curtis\Local Settings\Application Data\Adobe
    2009-10-31 16:25 . 2008-05-23 16:25 492164 ------w- c:\documents and settings\Curtis\Application Data\InstallShield Installation Information\{B94C6815-7BCC-4124-AC39-9208A06FFFA7}\ISSetup.dll
    2009-10-31 16:25 . 2008-05-23 16:25 373680 ----a-w- c:\documents and settings\Curtis\Application Data\InstallShield Installation Information\{B94C6815-7BCC-4124-AC39-9208A06FFFA7}\_setup.dll
    2009-10-31 16:25 . 2008-05-23 16:25 456416 ----a-w- c:\documents and settings\Curtis\Application Data\InstallShield Installation Information\{B94C6815-7BCC-4124-AC39-9208A06FFFA7}\setup.exe
    2009-10-31 16:25 . 2009-10-31 16:25 -------- d-----w- c:\documents and settings\Curtis\Application Data\InstallShield Installation Information
    2009-10-31 15:35 . 2009-10-31 15:35 -------- d-----w- c:\documents and settings\Curtis\Application Data\InstallShield
    2009-10-29 21:02 . 2009-10-29 21:02 -------- d-----w- c:\program files\iPod
    2009-10-29 21:02 . 2009-10-29 21:03 -------- d-----w- c:\program files\iTunes
    2009-10-29 20:55 . 2009-10-29 20:55 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-24 01:45 . 2008-06-16 11:20 -------- d-----w- c:\program files\Yahoo!
    2009-11-24 01:25 . 2007-08-05 02:23 -------- d-----w- c:\program files\PeerGuardian2
    2009-11-24 01:20 . 2007-08-05 02:20 -------- d-----w- c:\documents and settings\Curtis\Application Data\BitTorrent
    2009-11-23 22:46 . 2009-04-03 21:16 -------- d-----w- c:\program files\ATT-SST
    2009-11-23 22:46 . 2008-11-01 21:00 -------- d-----w- c:\program files\Common Files\Motive
    2009-11-22 21:24 . 2007-08-05 02:20 -------- d-----w- c:\program files\BitTorrent
    2009-11-18 00:58 . 2009-10-03 14:53 23344 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-11-16 02:37 . 2007-09-29 15:04 -------- d-----w- c:\documents and settings\Curtis\Application Data\Juniper Networks
    2009-11-16 02:35 . 2009-06-06 13:06 -------- d-----w- c:\program files\Coupons
    2009-11-16 02:34 . 2007-08-30 00:07 -------- d-----w- c:\program files\Sony
    2009-11-16 02:34 . 2007-08-05 00:57 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-16 02:27 . 2008-08-30 12:36 -------- d-----w- c:\program files\palmOne
    2009-11-16 02:14 . 2007-09-03 03:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-16 02:12 . 2007-09-03 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-11-15 18:02 . 2009-11-15 18:02 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2009-11-15 18:02 . 2009-11-15 18:02 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
    2009-11-15 18:02 . 2009-11-15 18:02 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
    2009-11-15 18:02 . 2009-11-15 18:02 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2009-11-15 18:02 . 2009-11-15 18:02 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
    2009-11-15 18:02 . 2009-11-15 18:02 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
    2009-11-15 18:02 . 2009-11-15 18:02 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
    2009-11-15 18:02 . 2009-11-15 18:02 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
    2009-11-15 18:02 . 2009-11-15 18:02 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
    2009-11-14 15:27 . 2008-08-11 23:04 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-11-14 13:44 . 2009-01-09 23:05 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-14 13:38 . 2007-11-04 23:53 -------- d-----w- c:\program files\Java
    2009-11-13 03:15 . 2007-08-05 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-11-10 14:18 . 2008-06-29 12:01 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-08 13:00 . 2008-06-29 12:01 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-08 13:00 . 2007-08-05 02:56 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-08 13:00 . 2008-06-29 12:01 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-08 13:00 . 2008-06-29 12:01 -------- d-----w- c:\program files\AVG
    2009-11-07 19:10 . 2007-10-13 11:46 22368 ----a-w- c:\documents and settings\Amber\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-04 12:12 . 2007-08-05 14:29 22368 ----a-w- c:\documents and settings\Curtis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-31 13:09 . 2007-08-05 17:22 -------- d-----w- c:\documents and settings\Curtis\Application Data\AdobeUM
    2009-10-29 21:02 . 2008-05-03 19:18 -------- d-----w- c:\program files\Common Files\Apple
    2009-10-24 16:09 . 2009-10-24 16:09 -------- d-----w- c:\program files\Digiarty
    2009-10-23 23:59 . 2007-08-05 12:59 -------- d-----w- c:\documents and settings\Amber\Application Data\AdobeUM
    2009-10-22 13:13 . 2008-05-03 23:57 -------- d-----w- c:\documents and settings\Amber\Application Data\Apple Computer
    2009-10-03 14:15 . 2009-02-06 22:09 -------- d-----w- c:\program files\Safari
    2009-09-23 12:55 . 2009-11-15 18:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2009-09-18 21:18 . 2009-09-18 21:18 75080 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 4.31.9.1\SetupAdmin.exe
    2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 07:36 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2009-08-29 07:36 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-08-28 23:42 . 2009-03-29 14:45 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-28 23:42 . 2008-08-27 02:10 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-11-23 2001648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-16 7110656]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-07-16 86016]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
    "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2009-10-22 1577984]
    "snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]
    "QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-12 2020120]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-14 149280]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "HotSync"="c:\program files\palmOne\Hotsync.exe" [2008-01-03 1392640]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-02-26 16125440]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-07-16 1519616]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

    c:\documents and settings\Amber\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2008-1-3 1392640]

    c:\documents and settings\Curtis\Start Menu\Programs\Startup\
    HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2008-1-3 1392640]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    HotSync Manager.lnk - c:\program files\palmOne\Hotsync.exe [2008-1-3 1392640]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-11-08 13:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
    "c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
    "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/15/2009 1:02 PM 64288]
    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [8/4/2007 7:48 PM 17920]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/29/2008 7:01 AM 333192]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/29/2008 7:01 AM 360584]
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [8/4/2007 7:33 PM 13696]
    R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [8/4/2007 8:02 PM 8192]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/8/2009 8:00 AM 285392]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1184912]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S3 ICDSX;Sony IC Recorder (SX);c:\windows\system32\drivers\ICDSX.sys [8/29/2007 7:07 PM 31744]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SASDIFSV
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 21:33]

    2009-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
    Trusted Zone: motive.com\patttbc.att
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    FF - ProfilePath - c:\documents and settings\Curtis\Application Data\Mozilla\Firefox\Profiles\zozzpnij.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\documents and settings\Curtis\Application Data\Move Networks\plugins\npqmp071504000001.dll
    FF - plugin: c:\progra~1\palmOne\PACKAG~1\NPInstal.dll
    FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin7.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin8.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
    AddRemove-HijackThis - c:\documents and settings\Curtis\Local Settings\Temporary Internet Files\Content.IE5\1J63HKSS\HijackThis.exe
    AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
    AddRemove-Text Twist - c:\program files\Yahoo! Games\TextTwist\Uninstall.exe {ADC4B5E2-AE11-A2BE-7EE5-4AED8B12145B}



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2009-11-23 21:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(704)
    c:\windows\system32\WININET.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    - - - - - - - > 'lsass.exe'(764)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(528)
    c:\windows\system32\WININET.dll
    c:\windows\system32\nview.dll
    c:\windows\system32\nvwddi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-11-23 21:55
    ComboFix-quarantined-files.txt 2009-11-24 02:55

    Pre-Run: 157,000,810,496 bytes free
    Post-Run: 157,468,172,288 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 18D7B6763D289DF91A7B3458B7F65160

  8. #8
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673

    Default

    * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
    * Now type Combofix /Uninstall in the runbox
    * Make sure there's a space between Combofix and /Uninstall
    * Then hit Enter

    The above procedure will:
    * Delete the following:
      * ComboFix and its associated files and folders.
    * Reset the clock settings.
    * Hide file extensions, if required.
    * Hide System/Hidden files, if required.
    * Set a new, clean Restore Point.

    ----------

    Clean out your temporary internet files and temp files.

    Download TFC by OldTimer to your desktop.

    Double-click TFC.exe to run it.

    Note: If you are running on Vista, right-click on the file and choose Run As Administrator

    TFC will close all programs when run, so make sure you have saved all your work before you begin.

    * Click the Start button to begin the cleaning process.
    * Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
    * Please let TFC run uninterrupted until it is finished.

    Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.

    ----------


    How is the computer running now?
    .


    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you, Please Donate to the Forum

  9. #9
    Member
    Join Date
    Nov 2009
    Posts
    12
    Points
    0

    Default

    No random hijack of either Mozilla, Safari, or IE. I believe the problem has been eliminated. Thanks for all your assistance.

  10. #10
    Moderator Forum Moderator evilfantasy's Avatar
    Join Date
    Jan 2008
    Location
    Tulsa, OK
    Posts
    4,670
    Points
    673

    Default

    You're welcome.

    Final suggestions.

    Use the Secunia Software Inspector to check for out of date software.
    Click Start Now
    Check the box next to Enable thorough system inspection.
    Click Start
    Allow the scan to finish and scroll down to see if any updates are needed.
    Update anything listed.

    ----------

    Go to Microsoft Windows Update and get all critical security updates. (you will need to use Internet Explorer to do this)

    ----------

    SpywareBlaster - Secure your Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
    * Using SpywareBlaster to protect your computer from Spyware and Malware

    I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

    Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

    Learn more about how to protect yourself while on the Internet from the following link: "So how did I get infected in the first place?" by Tony Klein.
    .


