Windows XP Recovery, No DDS!



timmyt224
2011-05-29, 17:20
This lame virus, Windows XP Recovery, appeared yesterday. I have booted up in Safe Mode with Networking; however, I cannot see all my programs and my desktop is black. I think this virus has been here for a while, as my computer has been very slow, Not Responding in certain programs. I have nothing further at this time and will stand by for further instructions.
Thanks, Tim

.
DDS (Ver_11-05-19.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Tim at 11:31:50 on 2011-05-29
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.22 [GMT -4:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Outpost Security Suite *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim\Desktop\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.app.com/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = localhost
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [LoBoUYvVYw] c:\documents and settings\all users\application data\LoBoUYvVYw.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~1\op_mon.exe" /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost security suite free\feedback.exe" /dump:os_startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uPolicies-explorer: NoDesktop = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254591051484
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-1-3 11608]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2011-1-3 710696]
S2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe --> c:\progra~1\agnitum\outpos~1\acs.exe [?]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-3 136360]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-3 269480]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-3 61960]
S2 mrtRate;mrtRate; [x]
S3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2011-1-3 34280]
S3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2011-1-3 267624]
S3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2011-1-3 72352]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-1-1 18560]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2002-8-29 14336]
S3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2011-1-3 241088]
S3 VBFilt;VBFilt;c:\windows\system32\filt\VBFilt.dll [2011-1-3 36288]
.
=============== Created Last 30 ================
.
2011-05-28 21:10:14 340480 ----a-w- c:\documents and settings\all users\application data\20963108.exe
2011-05-28 21:00:57 430080 ----a-w- c:\documents and settings\all users\application data\LoBoUYvVYw.exe
2011-05-27 20:22:22 -------- d-----w- c:\windows\CC4C261AB9154F23BD237E1AE5713B4E.TMP
2011-05-14 17:01:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-15 13:42:14 256 ----a-w- c:\windows\system32\pool.bin
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 11:34:17.42 ===============

ken545
2011-06-01, 13:02


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


We need to run RKill; it won't remove anything, but it will tame the malware so other programs can run.

Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 Users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.

1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
5. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do its job. This may take a few tries.

You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if malicious objects are found, ensure Cure is selected.
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please

timmyt224
2011-06-01, 20:20
I was unable to run TDSSKiller; however, I ran the other requested programs. See the log from Malwarebytes.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6745

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

6/1/2011 1:46:31 PM
mbam-log-2011-06-01 (13-46-31).txt

Scan type: Quick scan
Objects scanned: 178953
Time elapsed: 13 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LoBoUYvVYw (Trojan.FakeMS) -> Value: LoBoUYvVYw -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\lobouyvvyw.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\20963108.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.

ken545
2011-06-02, 00:37
Ok, this one should run. Just post the report, don't fix anything yet.



Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

timmyt224
2011-06-02, 00:43
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-01 18:40:54
-----------------------------
18:40:54.859 OS Version: Windows 5.1.2600 Service Pack 3
18:40:54.859 Number of processors: 1 586 0x304
18:40:54.859 ComputerName: TORCHIA UserName: Tim
18:40:56.906 Initialize success
18:40:59.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:40:59.906 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
18:41:01.953 Disk 0 MBR read successfully
18:41:01.953 Disk 0 MBR scan
18:41:01.968 Disk 0 unknown MBR code
18:41:04.000 Disk 0 scanning sectors +78108030
18:41:04.031 Disk 0 scanning C:\WINDOWS\system32\drivers
18:41:13.406 Service scanning
18:41:22.593 Disk 0 trace - called modules:
18:41:22.625 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81a831ed]<<
18:41:22.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b607f0]
18:41:22.656 3 CLASSPNP.SYS[f9306fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81b1f030]
18:41:22.671 \Driver\atapi[0x81b03eb8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x81a831ed
18:41:22.703 Scan finished successfully
18:41:47.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tim\My Documents\MBR.dat"
18:41:47.046 The log file has been saved successfully to "C:\Documents and Settings\Tim\My Documents\aswMBR.txt"

ken545
2011-06-02, 00:48
Re-Run aswMBR

Click Scan

On completion of the scan

Click Fix

http://public.avast.com/~gmerek/aswMBR3.png



Save the log as before and post in your next reply

timmyt224
2011-06-02, 01:18
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-01 18:40:54
-----------------------------
18:40:54.859 OS Version: Windows 5.1.2600 Service Pack 3
18:40:54.859 Number of processors: 1 586 0x304
18:40:54.859 ComputerName: TORCHIA UserName: Tim
18:40:56.906 Initialize success
18:40:59.875 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:40:59.906 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
18:41:01.953 Disk 0 MBR read successfully
18:41:01.953 Disk 0 MBR scan
18:41:01.968 Disk 0 unknown MBR code
18:41:04.000 Disk 0 scanning sectors +78108030
18:41:04.031 Disk 0 scanning C:\WINDOWS\system32\drivers
18:41:13.406 Service scanning
18:41:22.593 Disk 0 trace - called modules:
18:41:22.625 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81a831ed]<<
18:41:22.640 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b607f0]
18:41:22.656 3 CLASSPNP.SYS[f9306fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81b1f030]
18:41:22.671 \Driver\atapi[0x81b03eb8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x81a831ed
18:41:22.703 Scan finished successfully
18:41:47.015 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tim\My Documents\MBR.dat"
18:41:47.046 The log file has been saved successfully to "C:\Documents and Settings\Tim\My Documents\aswMBR.txt"

ken545
2011-06-02, 01:44
That's the same log from the original scan, not the one after the fix.

Run aswMBR again, just to scan and post the new log please

timmyt224
2011-06-02, 03:03
Sorry about the resend of the original; I could not see the post in the thread, but good now!

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-01 20:59:01
-----------------------------
20:59:01.515 OS Version: Windows 5.1.2600 Service Pack 3
20:59:01.515 Number of processors: 1 586 0x304
20:59:01.531 ComputerName: TORCHIA UserName: Tim
20:59:04.078 Initialize success
20:59:14.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:59:14.640 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
20:59:16.687 Disk 0 MBR read successfully
20:59:16.687 Disk 0 MBR scan
20:59:16.703 Disk 0 unknown MBR code
20:59:18.718 Disk 0 scanning sectors +78108030
20:59:18.750 Disk 0 scanning C:\WINDOWS\system32\drivers
20:59:28.656 Service scanning
20:59:36.468 Disk 0 trace - called modules:
20:59:36.484 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81a831ed]<<
20:59:36.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b607f0]
20:59:36.531 3 CLASSPNP.SYS[f9306fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81b1f030]
20:59:36.546 \Driver\atapi[0x81b03eb8] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x81a831ed
20:59:36.562 Scan finished successfully
20:59:53.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tim\My Documents\MBR.dat"
20:59:53.031 The log file has been saved successfully to "C:\Documents and Settings\Tim\My Documents\aswMBR2.txt"

ken545
2011-06-02, 09:50
Good Morning,

TDSSKiller should run now, run it and post the log.



Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

timmyt224
2011-06-02, 16:47
I am getting a message indicating that the post is too long for the ComboFix report. TDSSKiller would not work as well; I deleted it and reloaded it, but it would not fire up!!!

ken545
2011-06-02, 18:11
Hi,

When you reply to this thread, look at the lower part for MANAGE ATTACHMENTS and you can attach the Combofix report

timmyt224
2011-06-02, 19:36
****This is the message I got when I attempted to upload the log.***

(Your file of 128.9 KB bytes exceeds the forum's limit of 48.8 KB for this filetype.)

ken545
2011-06-02, 19:46
Right click on Combofix.txt and select SEND TO .......COMPRESSED ZIP FOLDER and then try to upload that zipped file

timmyt224
2011-06-02, 20:56
I think we're in luck!

ken545
2011-06-02, 23:43
Nice, good job, nothing malicious removed.

Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button. Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot up.
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized passwords and other personal information, as removing cookies will temporarily disable the auto-login facility.

ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan

*Note
It is recommended to disable your onboard antivirus program and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.

timmyt224
2011-06-03, 01:54
ATF cleaner complete, ESET complete as well.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2114\A0256769.exe a variant of Win32/Kryptik.OGD trojan
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2114\A0256770.exe a variant of Win32/Kryptik.OGD trojan

ken545
2011-06-03, 02:22
Hello Timmy,

No biggie, what ESET found was in your System Restore program and it's harmless unless you use the program to revert your system to an earlier date, but let's get rid of it and flush it all out.


System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

Please follow the steps below to create a clean restore point:

Click Start > Run > copy and paste the following into the run box:

%SystemRoot%\System32\restore\rstrui.exe
Press OK. Choose Create a Restore Point then click Next.
Name it (something you'll remember) and click Create.
When the confirmation screen shows the restore point has been created click Close.


Then remove all previous Restore Points

Click Start > Run > copy and paste the following into the run box:

cleanmgr
Choose to scan drive C:\ (if C:\ is your main drive).
At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
Click on the Yes button.
When finished, click on Cancel button to exit.

How are things running now, any browser redirects or unwanted pop-up windows ????

Let's take one last look at your system
OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be found in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

timmyt224
2011-06-03, 03:39
Update: The good news is there are no pop ups or redirects; however, it is extremely slow..... Night and day difference from when I was operating in Safe Mode. More so with pulling up programs... The first log from OTL is here; stand by for the extra log in the follow-up post.

OTL logfile created on: 6/2/2011 9:23:03 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.98 Mb Total Physical Memory | 91.01 Mb Available Physical Memory | 35.83% Memory free
624.89 Mb Paging File | 309.26 Mb Available in Paging File | 49.49% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 1.78 Gb Free Space | 5.27% Space Free | Partition Type: NTFS

Computer Name: TORCHIA | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tim\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\SunnComm Shared\msscript.OCX (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (acssrv) -- File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (SandBox) -- C:\WINDOWS\SYSTEM32\DRIVERS\SandBox.sys (Agnitum Ltd.)
DRV - (VBFilt) -- C:\WINDOWS\SYSTEM32\Filt\VBFilt.dll (Agnitum Ltd.)
DRV - (ASWFilt) -- C:\WINDOWS\SYSTEM32\Filt\ASWFilt.dll (Agnitum Ltd.)
DRV - (afwcore) -- C:\WINDOWS\SYSTEM32\DRIVERS\afwcore.sys (Agnitum Ltd.)
DRV - (ssmdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (VBEngNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\VBEngNT.sys (VirusBuster Kft.)
DRV - (afw) -- C:\WINDOWS\SYSTEM32\DRIVERS\afw.sys (Agnitum Ltd.)
DRV - (FlyUsb) -- C:\WINDOWS\SYSTEM32\DRIVERS\FlyUsb.sys (LeapFrog)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (USBModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (P2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\P2k.sys (Motorola Inc)
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (ndiscm) -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (SbcpHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys ()
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.app.com/
IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\


O1 HOSTS File: ([2010/09/06 21:11:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [OutpostFeedBack] File not found
O4 - HKLM..\Run: [OutpostMonitor] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254591051484 (MUWebControl Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigner.hgtv.com/images/app/view22rte.cab (View22RTE Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://photos.surfline.com/albums/hawaii/IMG_7941.thumb.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 21:21:32 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2011/06/02 20:42:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tim\Recent
[2011/06/02 20:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
[2011/06/02 20:40:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/02 18:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/06/02 18:44:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER(2)
[2011/06/02 10:34:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/02 06:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\tdsskiller(2)
[2011/05/29 11:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/15 09:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\My Documents\Jen Back Up
[2011/05/14 13:01:39 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

[2011/06/02 21:21:39 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2011/06/02 20:48:33 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/06/02 20:46:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/06/02 20:46:45 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/02 18:47:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/02 14:54:25 | 000,021,233 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\log - For Combo fix.zip
[2011/06/02 06:57:06 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\tdsskiller.zip
[2011/06/01 20:59:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\MBR.dat
[2011/05/28 17:11:12 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20963108
[2011/05/18 11:04:25 | 000,001,155 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/05/15 09:42:14 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2011/05/14 13:01:40 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/06/02 20:46:44 | 266,391,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/02 14:54:24 | 000,021,233 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\log - For Combo fix.zip
[2011/06/02 06:57:09 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\tdsskiller.zip
[2011/06/01 18:41:47 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\MBR.dat
[2011/05/29 07:52:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/28 17:11:12 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20963108
[2011/02/26 16:58:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StatusSheet
[2011/02/26 16:58:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tim\Application Data\Standard
[2011/02/26 16:58:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2011/02/26 16:58:44 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2011/02/26 16:54:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StartupItems
[2011/02/26 16:54:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tim\Application Data\Speech Enhancer
[2011/02/26 16:54:24 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Strings
[2011/02/26 16:54:23 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/01/02 22:53:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/02 22:53:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/02 22:53:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/06 20:38:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/06 20:38:27 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/09/20 18:03:27 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/25 18:07:49 | 000,870,128 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\mcs.rma
[2008/11/25 18:07:49 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\8A104B
[2008/11/22 09:12:25 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\kodakpcd.ini
[2007/11/26 21:12:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/29 15:34:50 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/12/26 17:40:08 | 000,124,324 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2006/12/26 17:40:08 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2006/12/26 14:19:51 | 000,124,324 | ---- | C] () -- C:\WINDOWS\HPHins12.dat.temp
[2006/12/26 14:19:51 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat.temp
[2006/01/12 18:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 18:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/03/01 16:25:00 | 000,002,832 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/12/12 18:28:41 | 000,000,176 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/11/18 20:44:08 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat
[2004/10/09 12:23:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/19 18:51:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Tim.ini
[2004/08/29 13:04:04 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/08/16 13:04:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/08/16 13:04:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/08/11 12:25:30 | 000,134,656 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/07 14:16:41 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\PFP120JPR.{PB
[2004/08/07 14:16:41 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\PFP120JCM.{PB
[2004/08/06 18:01:19 | 000,000,092 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/08/06 18:01:18 | 000,000,528 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/08/06 17:59:20 | 000,001,155 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/08/05 18:03:01 | 000,000,378 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/08/03 08:28:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/03 08:24:02 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/08/03 08:14:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/03 08:14:47 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/03 08:02:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/08/03 08:01:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/03 08:01:32 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/08/03 08:01:32 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/08/03 08:01:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/03 07:47:14 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/06/16 15:27:10 | 000,000,283 | ---- | C] () -- C:\WINDOWS\System32\DLBCPLC.INI
[2004/05/26 16:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2004/05/11 11:03:20 | 000,343,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/11 11:02:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/14 13:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 13:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 13:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/11/14 13:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/11/14 13:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/06/10 17:32:17 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/01/03 17:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/01 13:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/01/02 13:04:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/26 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/04/17 09:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2010/01/01 13:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/02/26 16:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/11/01 14:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/26 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/02/08 11:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/12 17:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/09 17:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/25 09:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\RadialPoint
[2010/04/27 11:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Research In Motion
[2009/04/17 16:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Skinux
[2007/02/15 12:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Viewpoint
[2008/07/05 08:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\aAvgApi
[2004/08/09 19:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Leadertech
[2006/12/28 20:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Musicmatch
[2008/04/04 07:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\RadialPoint
[2006/12/27 15:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Red Chair Software
[2009/09/20 18:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Research In Motion
[2008/11/08 10:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Skinux
[2009/07/17 13:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Smith Micro
[2007/02/08 11:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Viewpoint

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
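The OTL listing above is long, and the entry a helper actually wants from it is the 336-byte file `C:\Documents and Settings\All Users\Application Data\20963108`, modified on 2011-05-28, the day the rogue first appeared, with no company name and a purely numeric name. The triage script below is an added example and not OTL's or the forum's own code: it parses OTL-style `[date | size | attrs | C/M] (company) -- path` lines (format inferred from the listing), and its scoring rules (timestamp near first symptoms, no version information, hex-looking name, profile Application Data location) are my own assumptions.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed sample input: six entries copied from the OTL file listing above.
# The line format is inferred from that listing; this parser is not OTL's own code.
SAMPLE_OTL_LINES = r"""
[2011/06/02 21:21:32 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2011/06/02 20:40:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/02 18:44:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER(2)
[2011/05/28 17:11:12 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20963108
[2011/05/14 13:01:39 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2008/11/25 18:07:49 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\8A104B
"""

# [date time | size | attributes | C(reated)/M(odified)] (company) -- path
# The "(company)" group is absent on directory entries and is an empty "()"
# when the file carries no version information.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# Names made only of hex digits (e.g. "20963108"): typical of dropped
# config/data files and of the random names rogue AV families use.
HEX_NAME = re.compile(r"[0-9A-Fa-f]{6,}")


@dataclass
class OtlEntry:
    ts: datetime
    size: int
    attrs: str
    kind: str
    company: Optional[str]   # None = directory entry, "" = file without version info
    path: str

    @property
    def is_dir(self) -> bool:
        # Fourth attribute column is "D" for directories.
        return self.attrs.endswith("D")

    @property
    def basename(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse OTL file-listing lines; lines that do not match are ignored."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"],
            path=m["path"],
        ))
    return entries


def find_suspicious(entries: List[OtlEntry], first_seen: datetime,
                    window_days: int = 3) -> List[Tuple[OtlEntry, List[str]]]:
    """Return entries that changed near the first symptoms and look dropped.

    An entry is reported when its timestamp is within `window_days` of
    `first_seen` AND at least two further heuristics fire. These are my own
    triage rules (assumptions), not anything OTL itself computes.
    """
    hits = []
    for e in entries:
        if abs(e.ts - first_seen) > timedelta(days=window_days):
            continue
        reasons = []
        if not e.is_dir and not e.company:
            reasons.append("no company/version information")
        if HEX_NAME.fullmatch(e.basename):
            reasons.append("machine-generated looking name")
        if "\\Application Data\\" in e.path:
            reasons.append("lives in a profile Application Data folder")
        if len(reasons) >= 2:
            hits.append((e, reasons))
    return hits


def triage(text: str, first_seen: str, window_days: int = 3) -> List[str]:
    """Convenience wrapper: parse `text` and return the basenames worth a look."""
    hits = find_suspicious(parse_otl(text),
                           datetime.strptime(first_seen, "%Y-%m-%d"), window_days)
    return [e.basename for e, _ in hits]


if __name__ == "__main__":
    # 2011-05-28 is the day the rogue first appeared according to the thread.
    for entry, why in find_suspicious(parse_otl(SAMPLE_OTL_LINES), datetime(2011, 5, 28)):
        print(f"{entry.ts:%Y-%m-%d %H:%M} {entry.size:>8} {entry.path}")
        for r in why:
            print(f"    - {r}")
```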

timmyt224
2011-06-03, 03:43
Update: Running quicker now, I spoke too soon.

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Service DUAYVYQW stopped successfully!
Service DUAYVYQW deleted successfully!
File C:\WINDOWS\System32\duayvyqw.yks File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
->Flash cache emptied: 35 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 14774182 bytes
->Flash cache emptied: 2182 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 300 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Tim
->Temp folder emptied: 616115 bytes
->Temporary Internet Files folder emptied: 5295319 bytes
->Java cache emptied: 75174397 bytes
->FireFox cache emptied: 56650404 bytes
->Apple Safari cache emptied: 867328 bytes
->Flash cache emptied: 482285 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 168825 bytes
%systemroot%\System32 .tmp files removed: 4464145 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 13729612 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33726 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 164.00 mb


OTL by OldTimer - Version 3.2.20.0 log created on 01022011_112413

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

ken545
2011-06-03, 12:18
Tim,

Am I missing something here? I had you run OTL to scan so I could check over your log, which you posted, but the second log is not the extra, it is a report from a fix. I did not post any fix??????????????????????

timmyt224
2011-06-03, 13:56
Ken, sorry for the confusion: the fix was left in an OTL folder on the C drive from when I previously used your services in January. I looked in numerous places for the extra log, which was not displayed at the end of the scan, but had no luck. Do you want me to run it again in an effort to locate it?
Thanks, T

timmyt224
2011-06-03, 14:20
Ken, after sending you that last post I had a chance to use the computer. I thought all systems were a go; however, I tried a search under a new tab and was redirected. I attempted a few other searches and was redirected each time thereafter......

ken545
2011-06-03, 21:36
Tim

Let's run aswMBR again; just post the log.

Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png

On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png

timmyt224
2011-06-04, 02:58
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-03 20:55:22
-----------------------------
20:55:22.203 OS Version: Windows 5.1.2600 Service Pack 3
20:55:22.203 Number of processors: 1 586 0x304
20:55:22.218 ComputerName: TORCHIA UserName: Tim
20:55:46.828 Initialize success
20:55:52.921 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:55:52.953 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
20:55:55.015 Disk 0 MBR read successfully
20:55:55.015 Disk 0 MBR scan
20:55:55.015 Disk 0 unknown MBR code
20:55:57.171 Disk 0 scanning sectors +78108030
20:55:57.234 Disk 0 scanning C:\WINDOWS\system32\drivers
20:56:34.281 Service scanning
20:56:45.437 Disk 0 trace - called modules:
20:56:45.468 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81a7c1ed]<<
20:56:45.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b0a030]
20:56:45.531 3 CLASSPNP.SYS[f9306fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81af34e8]
20:56:45.546 \Driver\atapi[0x81af3d20] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x81a7c1ed
20:56:45.546 Scan finished successfully
20:57:20.296 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tim\Desktop\MBR.dat"
20:57:20.453 The log file has been saved successfully to "C:\Documents and Settings\Tim\Desktop\aswMBR log.txt"

ken545
2011-06-04, 12:26
Re-Run aswMBR

Click Scan

On completion of the scan

Click Fix

http://public.avast.com/~gmerek/aswMBR3.png



Save the log as before and post in your next reply

timmyt224
2011-06-04, 13:18
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-04 07:13:23
-----------------------------
07:13:23.328 OS Version: Windows 5.1.2600 Service Pack 3
07:13:23.328 Number of processors: 1 586 0x304
07:13:23.328 ComputerName: TORCHIA UserName: Tim
07:13:25.000 Initialize success
07:13:39.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:13:39.937 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
07:13:41.984 Disk 0 MBR read successfully
07:13:41.984 Disk 0 MBR scan
07:13:41.984 Disk 0 unknown MBR code
07:13:44.015 Disk 0 scanning sectors +78108030
07:13:44.031 Disk 0 scanning C:\WINDOWS\system32\drivers
07:13:55.234 Service scanning
07:13:59.453 Disk 0 trace - called modules:
07:13:59.468 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81a7c1ed]<<
07:13:59.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b0a030]
07:13:59.468 3 CLASSPNP.SYS[f9306fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81af34e8]
07:13:59.484 \Driver\atapi[0x81af3d20] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x81a7c1ed
07:13:59.484 Scan finished successfully
07:15:08.031 Disk 0 Windows 501 MBR fixed successfully
07:16:08.671 Disk 0 Windows 501 MBR fixed successfully
07:16:53.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tim\Desktop\MBR.dat"
07:16:53.000 The log file has been saved successfully to "C:\Documents and Settings\Tim\Desktop\aswMBR2.txt"
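The two aswMBR runs above show the pattern the helper was looking for: `unknown MBR code` on the scan, an unnamed module in the disk call trace, and the `IRP_MJ_INTERNAL_DEVICE_CONTROL` dispatch of `\Driver\atapi` routed to that same address, followed on the second run by `MBR fixed successfully`. The script below is an added example, not aswMBR's own logic or anything from the thread: it reads the relevant log lines (copied from the two logs above) and applies my own interpretation rules, treating a dispatch routine redirected into an unnamed module as the stronger rootkit indicator, since unrecognised boot code on its own can also come from a legitimate third-party boot manager.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample input: the relevant lines from the two aswMBR runs above
# (the plain scan, then the run where Fix was clicked). The interpretation
# below is my own triage logic, not aswMBR's.
SCAN_LOG = r"""
20:55:55.015 Disk 0 MBR read successfully
20:55:55.015 Disk 0 MBR scan
20:55:55.015 Disk 0 unknown MBR code
20:56:45.437 Disk 0 trace - called modules:
20:56:45.468 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81a7c1ed]<<
20:56:45.468 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b0a030]
20:56:45.546 \Driver\atapi[0x81af3d20] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x81a7c1ed
20:56:45.546 Scan finished successfully
"""

FIX_LOG = SCAN_LOG + r"""
07:15:08.031 Disk 0 Windows 501 MBR fixed successfully
07:16:08.671 Disk 0 Windows 501 MBR fixed successfully
"""

# ">>UNKNOWN [0x...]<<" marks a module in the disk I/O path that aswMBR could
# not attribute to any loaded driver image.
UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# "\Driver\x[...] -> IRP_MJ_... -> 0x..." shows where a driver's dispatch
# routine for that major function actually points.
DISPATCH_HOOK = re.compile(r"(IRP_MJ_[A-Z_]+) -> (0x[0-9a-fA-F]+)$")


@dataclass
class MbrAssessment:
    unknown_mbr_code: bool = False              # boot code not recognised by the tool
    unknown_module: Optional[str] = None        # address of the unnamed module, if any
    hooked_dispatch: List[str] = field(default_factory=list)  # IRP_MJ_* routed to it
    fixed_count: int = 0                        # "MBR fixed successfully" lines seen

    @property
    def verdict(self) -> str:
        if self.fixed_count:
            return "MBR rewritten by tool; rescan and confirm the trace no longer shows an unnamed module"
        if self.unknown_module and self.hooked_dispatch:
            return "disk I/O dispatch redirected into unnamed module (rootkit indicator)"
        if self.unknown_mbr_code:
            return "unrecognised boot code only; compare against a known-good MBR before acting"
        return "no MBR indicators"


def assess(log: str) -> MbrAssessment:
    """Walk an aswMBR log and collect the MBR/rootkit indicators it contains."""
    a = MbrAssessment()
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Drop the leading HH:MM:SS.mmm timestamp; keep the message.
        msg = line.split(" ", 1)[1] if " " in line else line
        if "unknown MBR code" in msg:
            a.unknown_mbr_code = True
        m = UNKNOWN_MODULE.search(msg)
        if m:
            a.unknown_module = m.group(1).lower()
        m = DISPATCH_HOOK.search(msg)
        # Only count a dispatch entry as hooked when it lands on the unnamed module.
        if m and a.unknown_module and m.group(2).lower() == a.unknown_module:
            a.hooked_dispatch.append(m.group(1))
        if "MBR fixed successfully" in msg:
            a.fixed_count += 1
    return a


if __name__ == "__main__":
    for name, log in (("scan", SCAN_LOG), ("fix", FIX_LOG)):
        r = assess(log)
        print(f"{name}: unknown_mbr_code={r.unknown_mbr_code} module={r.unknown_module} "
              f"hooked={r.hooked_dispatch} fixed={r.fixed_count}")
        print(f"  -> {r.verdict}")
```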

ken545
2011-06-04, 13:56
Let's try TDSSKiller again; if it's still on your desktop, drag it to the trash and download a fresh copy.



Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if malicious objects are found, ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

timmyt224
2011-06-04, 14:48
I cleared out all the previously downloaded folders and attempted a new download as indicated. After extracting all files, the Run box prompts; I click the Run box and nothing happens from there...

ken545
2011-06-04, 16:33
Run this first


Please download rkill (Courtesy of Bleepingcomputer.com).
There are 5 different versions of this tool. If one of them will not run, please try the next one in the list.
Note: Vista and Windows 7 users must right click and select "Run as Administrator" to run the tool.
Note: You only need to get one of the tools to run, not all of them.




1. rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
2. rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
3. rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
4. WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
5. uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)


Note: You will likely see a message from this rogue telling you the file is infected. Ignore the message. Leave the message OPEN, do not close the message.

Run rkill repeatedly until it's able to do its job. This may take a few tries.

You'll be able to tell rkill has done its job when your desktop (explorer.exe) cycles off and then on again.




If it still won't run and you still have Combofix on your desktop, drag it to the trash and download and run a new, updated copy; notice how it needs to be renamed.



Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif

* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished, then restart your computer to restore the connections.

timmyt224
2011-06-04, 19:37
After completing all the tasks you had requested I took one on the chin. The computer locked up after Combofix had displayed the log, so I had to reboot with hopes of recovering the log to send to you. As I was in the process of doing this I got the blue screen indicating to shut down and reboot in Safe Mode. Now back online in Safe Mode the computer is moving superfast, i.e. the internet, and when I click on a program it prompts quickly. The log from the last Combofix run is MIA so I will do it again and post shortly.....oh, and the killer is still not working...

ken545
2011-06-04, 20:13
Why don't you try Combofix in Safe Mode?

C:\ComboFix.txt <-- The log may be here

timmyt224
2011-06-05, 00:41
Out of Safe Mode; it did it by itself during the ComboFix run. See log.

ComboFix 11-06-04.02 - Tim 06/04/2011 13:39:43.6.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.151 [GMT -4:00]
Running from: c:\documents and settings\Tim\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Outpost Security Suite *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-2392168675-1175828863-1792882590-1007(2)\INFO2
.
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-04 to 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-03 19:06 . 2011-06-03 19:06 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-06-03 19:06 . 2011-06-03 19:06 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-06-03 18:58 . 2011-06-03 18:58 65536 ----a-r- c:\documents and settings\Tim\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
2011-06-03 18:58 . 2011-06-03 18:58 65536 ----a-r- c:\documents and settings\Tim\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
2011-06-03 18:58 . 2011-06-03 18:58 65536 ----a-r- c:\documents and settings\Tim\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\ARPPRODUCTICON.exe
2011-06-03 18:57 . 2011-06-03 19:06 -------- d-----w- c:\program files\Verizon
2011-06-03 00:44 . 2011-06-03 00:44 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-02 22:48 . 2011-06-02 22:48 -------- d-----w- c:\program files\ESET
2011-05-29 15:35 . 2011-06-03 00:41 -------- d-----w- c:\program files\ERUNT
2011-05-14 17:01 . 2011-05-14 17:01 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-05 19:14 . 2011-05-05 19:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-16 21:13 . 2011-01-03 21:44 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-07 05:33 . 2004-06-07 19:19 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
c:\program files\Agnitum\Outpost Security Suite Free\op_shell.dll [BU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [BU]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Security Suite Free\feedback.exe" [BU]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-10-07 15:10 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-07-06 18:30 195072 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\SYSTEM32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-03-15 06:04 122933 ----a-w- c:\windows\SYSTEM32\dla\tfswctrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 07:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32 77824 ----a-w- c:\windows\SYSTEM32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36 114688 ----a-w- c:\windows\SYSTEM32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 13:35 94208 ----a-w- c:\windows\SYSTEM32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 01:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 18:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2009-09-15 23:47 479232 ----a-w- c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
c:\program files\Dell\Media Experience\PCMService.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-16 12:56 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
.
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [x]
R2 mrtRate;mrtRate; [x]
R3 afw;Agnitum firewall driver;c:\windows\system32\DRIVERS\afw.sys [2010-04-20 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-09-27 267624]
R3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [2010-11-26 72352]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [2009-11-10 18560]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 VBEngNT;VBEngNT;c:\windows\system32\drivers\VBEngNT.sys [2010-06-09 241088]
R3 VBFilt;VBFilt;c:\windows\system32\Filt\VBFilt.dll [2010-11-26 36288]
S1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-11-26 710696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-05-24 143360]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.app.com/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = localhost
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-04 14:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1236)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2011-06-04 14:38:51 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-04 18:38
ComboFix2.txt 2011-06-04 16:38
ComboFix3.txt 2011-06-02 14:34
ComboFix4.txt 2011-01-03 03:20
.
Pre-Run: 16,284,446,720 bytes free
Post-Run: 16,007,987,200 bytes free
.
- - End Of File - - 7B79A21C2016DD38C3C655A63CE566D3

ken545
2011-06-05, 05:35
:bigthumb:

This was the culprit
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe


Try running TDSSKiller, it may run now

timmyt224
2011-06-05, 13:47
I re-installed a fresh copy of TDSSKiller, but once again it will not perform after I click the Run tab. In addition, it appears that all other functions are working properly except for the sound. When I rebooted the Windows sound effect came through, but if I pull up video on the Internet nothing comes through.

After I send the post I am going to restart and see what happens.

timmyt224
2011-06-05, 14:21
Ken, I was able to reboot out of Safe Mode, but it is very sluggish. I then noticed a yellow triangle with an exclamation mark appear in the toolbar. As soon as I put the pointer over it, without clicking, it disappeared! It was the same icon as listed below. Still no sound...

ken545
2011-06-05, 14:56
Run aswMBR just to scan and let me see if anything changed. Make sure you post the new log; you can delete any others.

timmyt224
2011-06-05, 16:10
Still getting the redirect on a google search, and no sound from the internet.


aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-05 10:07:39
-----------------------------
10:07:39.421 OS Version: Windows 5.1.2600 Service Pack 3
10:07:39.421 Number of processors: 1 586 0x304
10:07:39.421 ComputerName: TORCHIA UserName: Tim
10:07:42.140 Initialize success
10:07:47.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:07:47.937 Disk 0 Vendor: ST340014A 8.16 Size: 38146MB BusType: 3
10:07:49.968 Disk 0 MBR read successfully
10:07:49.968 Disk 0 MBR scan
10:07:49.984 Disk 0 Windows XP default MBR code
10:07:52.000 Disk 0 scanning sectors +78108030
10:07:52.015 Disk 0 scanning C:\WINDOWS\system32\drivers
10:08:02.093 Service scanning
10:08:05.437 Disk 0 trace - called modules:
10:08:05.453 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81a871ed]<<
10:08:05.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b65030]
10:08:05.453 3 CLASSPNP.SYS[f9306fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81af4700]
10:08:05.453 \Driver\atapi[0x81af4f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x81a871ed
10:08:05.468 Scan finished successfully
10:08:26.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tim\Desktop\MBR.dat"
10:08:26.343 The log file has been saved successfully to "C:\Documents and Settings\Tim\Desktop\aswMBR3.txt"
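The trace block of the aswMBR log above is the part a helper reads for a disk-level hook. As an added example (not code from the thread or from AVAST), here is a small Python checker for that block: it extracts any >>UNKNOWN<< address in the disk I/O call chain and flags a driver dispatch pointer (IRP_MJ_*) that resolves to a bare address rather than a module, as the \Driver\atapi line does here. The thread's own trace lines are embedded as the sample; the clean comparison log and the function names are constructed assumptions.

```python
import re

# Constructed sample: the "trace" block of the aswMBR log posted in the thread,
# copied as plain text so the checker runs offline.
TRACE_FROM_THREAD = r"""
10:07:49.984 Disk 0 Windows XP default MBR code
10:08:05.437 Disk 0 trace - called modules:
10:08:05.453 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x81a871ed]<<
10:08:05.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b65030]
10:08:05.453 3 CLASSPNP.SYS[f9306fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x81af4700]
10:08:05.453 \Driver\atapi[0x81af4f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x81a871ed
10:08:05.468 Scan finished successfully
"""

# Constructed clean counterpart (assumed layout, NOT from the page): every module in
# the call chain is named and the atapi dispatch pointer resolves into atapi.sys.
CLEAN_TRACE = r"""
10:07:49.984 Disk 0 Windows XP default MBR code
10:08:05.437 Disk 0 trace - called modules:
10:08:05.453 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys
10:08:05.453 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x81b65030]
10:08:05.453 \Driver\atapi[0x81af4f38] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> atapi.sys[0xf8498000]
10:08:05.468 Scan finished successfully
"""

TIMESTAMP = r"^\d\d:\d\d:\d\d\.\d+\s+"
# ">>UNKNOWN [0x81a871ed]<<": a return address in the disk I/O call chain that
# aswMBR could not map to any loaded module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# "\Driver\atapi[0x...] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> <target>"
DISPATCH_RE = re.compile(
    TIMESTAMP + r"(\\Driver\\[^\[\s]+)\[0x[0-9A-Fa-f]+\]\s+->\s+(IRP_MJ_\w+)\s+->\s+(\S+)\s*$"
)
# "Disk 0 Windows XP default MBR code"
MBR_RE = re.compile(r"Disk (\d+) (.*MBR code)\s*$")


def bare_address(token):
    """Integer value of a bare '0x...' token, or None when the target carries a
    module name (e.g. 'atapi.sys[0xf8498000]'), i.e. when aswMBR could attribute it."""
    m = re.fullmatch(r"0x([0-9A-Fa-f]+)", token)
    return int(m.group(1), 16) if m else None


def analyze_trace(log_text):
    """Pull the review-worthy facts out of an aswMBR log.

    Returns the unattributed call-chain addresses, every IRP dispatch pointer that is
    a bare address rather than module+offset, the subset of those that coincide with
    an UNKNOWN address, the MBR description per disk, and a 'review'/'clean' verdict.
    'review' is a flag for a human: some legitimate filter drivers (disk encryption,
    host-protection products) also leave unattributed pointers, so on its own it is
    not a malware verdict.
    """
    unknown = set()
    dispatch = []
    mbr = {}
    for line in log_text.splitlines():
        for addr in UNKNOWN_RE.findall(line):
            unknown.add(int(addr, 16))
        m = DISPATCH_RE.match(line)
        if m:
            dispatch.append(m.groups())
        m = MBR_RE.search(line)
        if m:
            mbr[int(m.group(1))] = m.group(2)

    unattributed = [
        (drv, irp, f"0x{bare_address(t):08x}")
        for drv, irp, t in dispatch
        if bare_address(t) is not None
    ]
    # Strongest signal: the dispatch pointer lands exactly on an UNKNOWN chain address.
    flagged = [e for e in unattributed if int(e[2], 16) in unknown]
    nonstandard_mbr = {d: desc for d, desc in mbr.items() if "default MBR code" not in desc}
    verdict = "review" if (unknown or unattributed or nonstandard_mbr) else "clean"
    return {
        "unknown_addrs": [f"0x{a:08x}" for a in sorted(unknown)],
        "unattributed_dispatch": unattributed,
        "flagged": flagged,
        "mbr": mbr,
        "nonstandard_mbr": nonstandard_mbr,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for name, text in (("thread log", TRACE_FROM_THREAD), ("clean sample", CLEAN_TRACE)):
        r = analyze_trace(text)
        print(f"{name}: {r['verdict']}")
        for drv, irp, addr in r["flagged"]:
            print(f"  {drv} {irp} dispatches to unattributed {addr}, also seen as UNKNOWN in the call chain")
```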

ken545
2011-06-05, 16:35
Let's run some more scans.

Open Malwarebytes, check for updates and run the Quick Scan. If nothing is found there is no need for the log, but let me know.
Please download DeFogger (http://www.jpshortstuff.247fixes.com/Defogger.exe) to your desktop.

Double click DeFogger to run the tool.

The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.
Next:

Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double click GMER.exe.
http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif
If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
Please copy and paste the report into your Post.
To re-enable your Emulation drivers, double click DeFogger to run the tool.

The application window will appear
Click the Re-enable button to re-enable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will appear
Click OK
DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

timmyt224
2011-06-05, 18:26
Malwarebytes, No Malicious Threats found.

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-05 12:23:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.8.16
Running: gmer.exe; Driver: C:\DOCUME~1\Tim\LOCALS~1\Temp\fxrdipog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAllocateVirtualMemory [0xF8CEF6E0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xF8CEF610]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xF8CED7E0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xF8CEF980]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xF8CED1B0]
SSDT EF2D1A66 ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xF8CEEAB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xF8CEEBA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xF8CECDE0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xF8CEDAB0]
SSDT EF2D1A5C ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xF8CEFFB0]
SSDT EF2D1A6B ZwDeleteKey
SSDT EF2D1A75 ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwEnumerateKey [0xF8CEDE10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwEnumerateValueKey [0xF8CEDEF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwFsControlFile [0xF8CED0C0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xF8CF2000]
SSDT EF2D1A7A ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xF8CED9F0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xF8CED640]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xF8CEDC80]
SSDT EF2D1A48 ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xF8CECEB0]
SSDT EF2D1A4D ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xF8CEF8A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xF8CEDFD0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xF8CEE0B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xF8CEF540]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xF8CEE5B0]
SSDT EF2D1A84 ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xF8CEFC50]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xF8CEFD20]
SSDT EF2D1A7F ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xF8CEE340]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xF8CEE410]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xF8CEFA70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xF8CEF450]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xF8CF0080]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSecurityObject [0xF8CF0180]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xF8CEE760]
SSDT EF2D1A70 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xF8CEF2A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xF8CEF360]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xF8CEFED0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xF8CEEF90]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xF8CEF150]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xF8CEE830]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteFile [0xF8CECFB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xF8CEF7C0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 108 804E2774 8 Bytes JMP EBA0F8CE
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [A0, F2, CE, F8, 60, F3, CE, ...]
.text ntoskrnl.exe!_abnormal_termination + 464 804E2AD0 4 Bytes [30, E8, CE, F8] {XOR AL, CH; INTO ; CLC }
.text ntoskrnl.exe!_abnormal_termination + 4A0 804E2B0C 1 Byte [C0]
INITc VolSnap.sys F92F1BD0 4 Bytes [36, 9A, 4D, 80]
INITc VolSnap.sys F92F1BF8 4 Bytes [94, 87, 4E, 80] {XCHG ESP, EAX; XCHG [ESI-0x80], ECX}
INITc VolSnap.sys F92F1C20 4 Bytes [A0, C1, 4D, 80]
INITc VolSnap.sys F92F1C48 4 Bytes [B0, C8, 4D, 80]
INITc VolSnap.sys F92F1C70 4 Bytes [09, BF, 4D, 80]
INITc ...
init C:\WINDOWS\System32\DRIVERS\mohfilt.sys entry point in "init" section [0xF9641760]
? C:\DOCUME~1\Tim\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00D5000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00D2000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00D1000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00D3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00D4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00D0000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B16B70
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1232] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B16D70
.text C:\Program Files\internet explorer\iexplore.exe[1740] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1740] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1740] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1740] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1740] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1740] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1740] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1740] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1740] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1740] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00CF000A
.text C:\Program Files\internet explorer\iexplore.exe[1740] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B3000A
.text C:\Program Files\internet explorer\iexplore.exe[1740] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0059000A
.text C:\Program Files\internet explorer\iexplore.exe[1740] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B4000A
.text C:\Program Files\internet explorer\iexplore.exe[1740] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00B5000A
.text C:\Program Files\internet explorer\iexplore.exe[1740] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0058000A
.text C:\Program Files\internet explorer\iexplore.exe[1740] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B16B70
.text C:\Program Files\internet explorer\iexplore.exe[1740] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B16D70
.text C:\Program Files\internet explorer\iexplore.exe[2148] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[2148] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00F0000A
.text C:\Program Files\internet explorer\iexplore.exe[2148] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B4000A
.text C:\Program Files\internet explorer\iexplore.exe[2148] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00B3000A
.text C:\Program Files\internet explorer\iexplore.exe[2148] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B5000A
.text C:\Program Files\internet explorer\iexplore.exe[2148] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00EF000A
.text C:\Program Files\internet explorer\iexplore.exe[2148] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0059000A
.text C:\Program Files\internet explorer\iexplore.exe[2148] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B16B70
.text C:\Program Files\internet explorer\iexplore.exe[2148] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B16D70
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00CF000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B3000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0059000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B4000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00B5000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0058000A
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00B16B70
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[3680] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00B16D70

---- Threads - GMER 1.0.15 ----

Thread System [4:120] 81A8BE7A
Thread System [4:124] 81A8E008

---- EOF - GMER 1.0.15 ----

ken545
2011-06-05, 18:56
Not looking at a rootkit.

Drag OTL to the trash and download a fresh copy, run the scan and post the new log please. There will most likely be no extras this time, so don't worry about it.

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

timmyt224
2011-06-05, 20:43
OTL logfile created on: 6/5/2011 2:28:40 PM - Run 3
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.98 Mb Total Physical Memory | 43.65 Mb Available Physical Memory | 17.19% Memory free
624.89 Mb Paging File | 145.00 Mb Available in Paging File | 23.20% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 14.89 Gb Free Space | 44.19% Space Free | Partition Type: NTFS

Computer Name: TORCHIA | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tim\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\SunnComm Shared\msscript.OCX (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (acssrv) -- File not found
SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (SandBox) -- C:\WINDOWS\SYSTEM32\DRIVERS\SandBox.sys (Agnitum Ltd.)
DRV - (VBFilt) -- C:\WINDOWS\SYSTEM32\Filt\VBFilt.dll (Agnitum Ltd.)
DRV - (ASWFilt) -- C:\WINDOWS\SYSTEM32\Filt\ASWFilt.dll (Agnitum Ltd.)
DRV - (afwcore) -- C:\WINDOWS\SYSTEM32\DRIVERS\afwcore.sys (Agnitum Ltd.)
DRV - (ssmdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (VBEngNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\VBEngNT.sys (VirusBuster Kft.)
DRV - (afw) -- C:\WINDOWS\SYSTEM32\DRIVERS\afw.sys (Agnitum Ltd.)
DRV - (FlyUsb) -- C:\WINDOWS\SYSTEM32\DRIVERS\FlyUsb.sys (LeapFrog)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (USBModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (P2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\P2k.sys (Motorola Inc)
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (ndiscm) -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (SbcpHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys ()
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.app.com/
IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\


O1 HOSTS File: ([2011/06/04 14:26:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [OutpostFeedBack] File not found
O4 - HKLM..\Run: [OutpostMonitor] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254591051484 (MUWebControl Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigner.hgtv.com/images/app/view22rte.cab (View22RTE Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://photos.surfline.com/albums/hawaii/IMG_7941.thumb.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/05 14:28:05 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2011/06/04 18:50:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/04 13:52:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/04 10:45:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tim\Start Menu\Programs\Administrative Tools
[2011/06/04 10:44:49 | 004,112,369 | R--- | C] (Swearware) -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[2011/06/03 20:54:53 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Tim\Desktop\aswMBR.exe
[2011/06/03 14:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2011/06/02 20:42:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tim\Recent
[2011/06/02 20:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
[2011/06/02 18:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/29 11:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/15 09:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\My Documents\Jen Back Up
[2011/05/14 13:01:39 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

[2011/06/05 14:28:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2011/06/05 14:21:00 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/06/05 13:06:06 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/05 13:06:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/06/05 08:51:19 | 000,001,155 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/05 07:41:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/04 19:16:07 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Vz In-Home Agent.lnk
[2011/06/04 14:26:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/06/04 10:45:03 | 004,112,369 | R--- | M] (Swearware) -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[2011/06/04 10:36:21 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\rkill.exe
[2011/06/03 20:55:18 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Tim\Desktop\aswMBR.exe
[2011/06/03 15:06:40 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/06/03 15:06:40 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/05/28 17:11:12 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20963108
[2011/05/15 09:42:14 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2011/05/14 13:01:40 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/06/05 07:49:13 | 266,391,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/04 10:36:05 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\rkill.exe
[2011/06/03 15:06:40 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/06/03 15:06:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/06/03 14:58:15 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\Vz In-Home Agent.lnk
[2011/05/29 07:52:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/28 17:11:12 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20963108
[2011/02/26 16:58:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StatusSheet
[2011/02/26 16:58:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tim\Application Data\Standard
[2011/02/26 16:58:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2011/02/26 16:58:44 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2011/02/26 16:54:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StartupItems
[2011/02/26 16:54:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tim\Application Data\Speech Enhancer
[2011/02/26 16:54:24 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Strings
[2011/02/26 16:54:23 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/01/02 22:53:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/02 22:53:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/02 22:53:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/06 20:38:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/06 20:38:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/09/20 18:03:27 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/25 18:07:49 | 000,870,128 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\mcs.rma
[2008/11/25 18:07:49 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\8A104B
[2008/11/22 09:12:25 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\kodakpcd.ini
[2007/11/26 21:12:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/29 15:34:50 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/12/26 17:40:08 | 000,124,324 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2006/12/26 17:40:08 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2006/12/26 14:19:51 | 000,124,324 | ---- | C] () -- C:\WINDOWS\HPHins12.dat.temp
[2006/12/26 14:19:51 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat.temp
[2006/01/12 18:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 18:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/03/01 16:25:00 | 000,002,832 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/12/12 18:28:41 | 000,000,176 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/11/18 20:44:08 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat
[2004/10/09 12:23:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/19 18:51:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Tim.ini
[2004/08/29 13:04:04 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/08/16 13:04:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/08/16 13:04:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/08/11 12:25:30 | 000,134,656 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/07 14:16:41 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\PFP120JPR.{PB
[2004/08/07 14:16:41 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\PFP120JCM.{PB
[2004/08/06 18:01:19 | 000,000,092 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/08/06 18:01:18 | 000,000,528 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/08/06 17:59:20 | 000,001,155 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/08/05 18:03:01 | 000,000,378 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/08/03 08:28:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/03 08:24:02 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/08/03 08:14:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/03 08:14:47 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/03 08:02:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/08/03 08:01:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/03 08:01:32 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/08/03 08:01:32 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/08/03 08:01:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/03 07:47:14 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/06/16 15:27:10 | 000,000,283 | ---- | C] () -- C:\WINDOWS\System32\DLBCPLC.INI
[2004/05/26 16:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2004/05/11 11:03:20 | 000,343,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/11 11:02:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/14 13:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 13:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 13:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/11/14 13:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/11/14 13:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/06/10 17:32:17 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/01/03 17:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/01 13:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/01/02 13:04:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/26 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/04/17 09:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2010/01/01 13:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/02/26 16:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/11/01 14:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/26 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/02/08 11:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/12 17:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/09 17:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/25 09:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\RadialPoint
[2010/04/27 11:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Research In Motion
[2009/04/17 16:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Skinux
[2007/02/15 12:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Viewpoint
[2008/07/05 08:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\aAvgApi
[2004/08/09 19:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Leadertech
[2006/12/28 20:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Musicmatch
[2008/04/04 07:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\RadialPoint
[2006/12/27 15:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Red Chair Software
[2009/09/20 18:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Research In Motion
[2008/11/08 10:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Skinux
[2009/07/17 13:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Smith Micro
[2007/02/08 11:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Viewpoint

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

ken545
2011-06-05, 21:47
Tim,

Want to point out that you have the bare minimum of memory installed; this system must crawl even when it's clean. You desperately need to upgrade this memory if you want your system to function normally. If you're interested, when we're done I will show you how to go about it.

253.98 Mb Total Physical Memory
This amount could very easily be doubled, or even adding 1GB would be better.


We're going to run a fix with OTL. First back up your registry and then make sure you are hooked up to the internet. This will remove some remnants of AVG.


Backup Your Registry with ERUNT:
Download erunt.zip to your Desktop from here:
http://aumha.org/downloads/erunt.zip
Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
Inside the new folder, double-click ERUNT.exe to start the program
OK all the prompts to back up your registry to the default location. Note: to restore your registry, go to the backup folder and start ERDNT.exe

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:processes
killallprocesses

:OTL

O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2


:Services

:Reg

:Files
ipconfig /release /c
ipconfig /renew /c
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <-- Not Run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

timmyt224
2011-06-06, 19:50
This process went smoothly, and yes, I am interested in upgrading the memory if it will allow me to salvage this unit for another year or so. In addition, the anti-virus located a virus. I will send you the log report for the daily scan. This was located prior to the OTL fix. May mean something to you, not sure.


All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
C:\Documents and Settings\Tim\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Tim\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : home
IP Address. . . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
C:\Documents and Settings\Tim\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Tim\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Tim\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Tim\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Jen
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42675270 bytes
->Flash cache emptied: 938 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

User: Tim
->Temp folder emptied: 6530588 bytes
->Temporary Internet Files folder emptied: 39042115 bytes
->Java cache emptied: 1197 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2223 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17048 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 57766 bytes

Total Files Cleaned = 84.00 mb


OTL by OldTimer - Version 3.2.23.0 log created on 06062011_123919

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Tim\Local Settings\Temp\fla22.tmp not found!
File\Folder C:\Documents and Settings\Tim\Local Settings\Temp\fla23.tmp not found!
C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\Z7ZHXV2A\1721260319[1].htm moved successfully.
C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\Z7ZHXV2A\ac3[4].htm moved successfully.
File\Folder C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\Z7ZHXV2A\fw-nonplayer-banner[4].htm not found!
C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\Z7ZHXV2A\login_status[1].htm moved successfully.
C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\Z7ZHXV2A\moviereviews_mevio_com[1].htm moved successfully.
C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\Z7ZHXV2A\xd_receiver[1].htm moved successfully.
C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\RLN5WSVA\emily[1].html moved successfully.
File\Folder C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\RLN5WSVA\fw-nonplayer-banner[3].htm not found!
File\Folder C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\O3Q2AZTE\1721260319[1].htm not found!
C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\O3Q2AZTE\showthread[1].htm moved successfully.
File move failed. C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

timmyt224
2011-06-06, 19:52
Avira AntiVir Personal
Report file date: Monday, June 06, 2011 12:00

Scanning for 2708155 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : TORCHIA

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 4/1/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 4/27/2011 12:25:26
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 13:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 22:00:23
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 19:30:26
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 23:02:06
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 01:58:31
VBASE005.VDF : 7.11.8.179 2048 Bytes 5/31/2011 01:58:32
VBASE006.VDF : 7.11.8.180 2048 Bytes 5/31/2011 01:58:32
VBASE007.VDF : 7.11.8.181 2048 Bytes 5/31/2011 01:58:32
VBASE008.VDF : 7.11.8.182 2048 Bytes 5/31/2011 01:58:32
VBASE009.VDF : 7.11.8.183 2048 Bytes 5/31/2011 01:58:32
VBASE010.VDF : 7.11.8.184 2048 Bytes 5/31/2011 01:58:32
VBASE011.VDF : 7.11.8.185 2048 Bytes 5/31/2011 01:58:33
VBASE012.VDF : 7.11.8.186 2048 Bytes 5/31/2011 01:58:33
VBASE013.VDF : 7.11.8.222 121856 Bytes 6/2/2011 01:58:33
VBASE014.VDF : 7.11.8.223 2048 Bytes 6/2/2011 01:58:33
VBASE015.VDF : 7.11.8.224 2048 Bytes 6/2/2011 01:58:33
VBASE016.VDF : 7.11.8.225 2048 Bytes 6/2/2011 01:58:34
VBASE017.VDF : 7.11.8.226 2048 Bytes 6/2/2011 01:58:34
VBASE018.VDF : 7.11.8.227 2048 Bytes 6/2/2011 01:58:34
VBASE019.VDF : 7.11.8.228 2048 Bytes 6/2/2011 01:58:34
VBASE020.VDF : 7.11.8.229 2048 Bytes 6/2/2011 01:58:34
VBASE021.VDF : 7.11.8.230 2048 Bytes 6/2/2011 01:58:34
VBASE022.VDF : 7.11.8.231 2048 Bytes 6/2/2011 01:58:35
VBASE023.VDF : 7.11.8.232 2048 Bytes 6/2/2011 01:58:35
VBASE024.VDF : 7.11.8.233 2048 Bytes 6/2/2011 01:58:35
VBASE025.VDF : 7.11.8.234 2048 Bytes 6/2/2011 01:58:35
VBASE026.VDF : 7.11.8.235 2048 Bytes 6/2/2011 01:58:35
VBASE027.VDF : 7.11.8.236 2048 Bytes 6/2/2011 01:58:35
VBASE028.VDF : 7.11.8.237 2048 Bytes 6/2/2011 01:58:36
VBASE029.VDF : 7.11.8.238 2048 Bytes 6/2/2011 01:58:36
VBASE030.VDF : 7.11.8.239 2048 Bytes 6/2/2011 01:58:36
VBASE031.VDF : 7.11.8.247 38912 Bytes 6/3/2011 01:58:36
Engineversion : 8.2.5.12
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 13:39:51
AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 6/3/2011 01:58:40
AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 13:39:50
AESBX.DLL : 8.2.1.34 323957 Bytes 6/3/2011 01:58:40
AERDL.DLL : 8.1.9.9 639347 Bytes 3/25/2011 22:44:18
AEPACK.DLL : 8.2.6.8 557430 Bytes 5/18/2011 22:50:11
AEOFFICE.DLL : 8.1.1.25 205178 Bytes 6/3/2011 01:58:39
AEHEUR.DLL : 8.1.2.123 3502456 Bytes 6/3/2011 01:58:38
AEHELP.DLL : 8.1.17.2 246135 Bytes 5/20/2011 11:18:44
AEGEN.DLL : 8.1.5.6 401780 Bytes 5/20/2011 11:18:42
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 13:39:42
AECORE.DLL : 8.1.21.1 196983 Bytes 6/3/2011 01:58:37
AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 13:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 13:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 13:39:54
AVREP.DLL : 10.0.0.10 174120 Bytes 5/18/2011 22:50:12
AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 13:39:54
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 4/27/2011 12:25:26
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 13:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 13:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 19:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 13:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 19:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 13:40:20

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Monday, June 06, 2011 12:01

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ISUSPM.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'Verizon_IHAMessageCenter.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1821' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

[0] Archive type: NSIS
--> ProgramFilesDir/handle.cfxxe
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

Beginning disinfection:
C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4400a484.qua'.


End of the scan: Monday, June 06, 2011 12:26
Used time: 24:04 Minute(s)

The scan has been canceled!

2366 Scanned directories
44373 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
44372 Files not concerned
906 Archives were scanned
0 Warnings
1 Notes

ken545
2011-06-06, 19:55
Hello Tim

That was a false positive; what it found was part of Combofix's detection.

How are the redirects, are they gone?

timmyt224
2011-06-06, 20:23
Yes, I just opened a new tab and attempted a Google search and was redirected; otherwise it seems to be operating nicely!

ken545
2011-06-07, 01:06
What site are you being redirected to? Don't post the link, just type it in.

Are you accessing the internet through a router? If so, bypass the router and hook your computer up directly to your cable or DSL modem. Are you still being redirected when you do this?

timmyt224
2011-06-07, 01:26
I have a simple hookup with FiOS cable Internet service. I just did a simple search for "beach cruisers" and was redirected. Without posting the link, it looks like it says scour.com. If I click on one of those links it redirects me once again to click.scour.com/jump.
As previously stated in an earlier post, it's moving smoothly at this point. The only other complication I noticed besides the redirect is that I have NO sound over the internet (media clips and video). When I use another program the sound effects work fine... puzzled at this point!!!

ken545
2011-06-07, 01:44
Open IE and go to Tools > Internet Options > Programs tab > Manage Add-ons > Search Providers and see if scour is listed; if so, delete it.

timmyt224
2011-06-07, 01:52
Scour was not listed; Google and Yahoo, that's it!

ken545
2011-06-07, 02:49
Scour is a new one on me, but it's a redirect virus.

Run DDS and OTL and post new logs please, and let me see if I missed anything.


Download DDS from one of the links below to your desktop

Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)


Double click the tool to run it.
A black screen will open; just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post.
'attach.txt' should be zipped using Windows' native zip utility and attached to your post. Compress and uncompress files (zip files) (http://windows.microsoft.com/en-us/windows-vista/Compress-and-uncompress-files-zip-files)

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

timmyt224
2011-06-07, 03:25
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Run by Tim at 21:13:26 on 2011-06-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.31 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Outpost Security Suite *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.app.com/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = localhost
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~1\op_mon.exe" /tray /noservice
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost security suite free\feedback.exe" /dump:os_startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254591051484
DPF: {6F750203-1362-4815-A476-88533DE61D0C} - hxxp://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} - hxxp://onlinedesigner.hgtv.com/images/app/view22rte.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12
TCP: Interfaces\{F15E0B52-1976-4A84-8799-97AC318938EE} : DhcpNameServer = 192.168.1.1 71.250.0.12
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-06-06 16:39:19 -------- d-----w- C:\_OTL
2011-06-03 19:06:40 260 ----a-w- c:\windows\system32\cmdVBS.vbs
2011-06-03 19:06:40 256 ----a-w- c:\windows\system32\MSIevent.bat
2011-06-03 18:58:20 65536 ----a-r- c:\documents and settings\tim\application data\microsoft\installer\{730ef0e8-8b8e-4054-b2ce-5d4ba3bce510}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
2011-06-03 18:58:20 65536 ----a-r- c:\documents and settings\tim\application data\microsoft\installer\{730ef0e8-8b8e-4054-b2ce-5d4ba3bce510}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
2011-06-03 18:58:20 65536 ----a-r- c:\documents and settings\tim\application data\microsoft\installer\{730ef0e8-8b8e-4054-b2ce-5d4ba3bce510}\ARPPRODUCTICON.exe
2011-06-03 18:57:22 -------- d-----w- c:\program files\Verizon
2011-06-03 00:44:27 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-03 00:44:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-02 22:48:58 -------- d-----w- c:\program files\ESET
2011-05-14 17:01:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-15 13:42:14 256 ----a-w- c:\windows\system32\pool.bin
.
============= FINISH: 21:16:27.71 ===============

timmyt224
2011-06-07, 03:37
OTL logfile created on: 6/6/2011 9:27:15 PM - Run 4
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

253.98 Mb Total Physical Memory | 32.67 Mb Available Physical Memory | 12.86% Memory free
624.89 Mb Paging File | 192.42 Mb Available in Paging File | 30.79% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 14.84 Gb Free Space | 44.01% Space Free | Partition Type: NTFS

Computer Name: TORCHIA | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tim\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\SunnComm Shared\msscript.OCX (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AppMgmt) -- File not found
SRV - (acssrv) -- File not found
SRV - (IHA_MessageCenter) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe (HP)
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (SandBox) -- C:\WINDOWS\SYSTEM32\DRIVERS\SandBox.sys (Agnitum Ltd.)
DRV - (VBFilt) -- C:\WINDOWS\SYSTEM32\Filt\VBFilt.dll (Agnitum Ltd.)
DRV - (ASWFilt) -- C:\WINDOWS\SYSTEM32\Filt\ASWFilt.dll (Agnitum Ltd.)
DRV - (afwcore) -- C:\WINDOWS\SYSTEM32\DRIVERS\afwcore.sys (Agnitum Ltd.)
DRV - (ssmdrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (VBEngNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\VBEngNT.sys (VirusBuster Kft.)
DRV - (afw) -- C:\WINDOWS\SYSTEM32\DRIVERS\afw.sys (Agnitum Ltd.)
DRV - (FlyUsb) -- C:\WINDOWS\SYSTEM32\DRIVERS\FlyUsb.sys (LeapFrog)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (USBModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\SYSTEM32\DRIVERS\lgusbbus.sys (LG Electronics Inc.)
DRV - (dsunidrv) -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel(R) Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel(R) Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel(R) Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel(R) Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel(R) Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel(R) Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel(R) Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel(R) Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel(R) Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (P2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\P2k.sys (Motorola Inc)
DRV - (IntelC52) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC51) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC53) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (mohfilt) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (ndiscm) -- C:\WINDOWS\SYSTEM32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (SbcpHid) -- C:\WINDOWS\SYSTEM32\DRIVERS\SbcpHid.sys ()
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.app.com/
IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\


O1 HOSTS File: ([2011/06/06 12:40:06 | 000,000,098 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No CLSID value found.
O3 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [OutpostFeedBack] File not found
O4 - HKLM..\Run: [OutpostMonitor] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-2392168675-1175828863-1792882590-1007\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab (Support.com Configuration Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254591051484 (MUWebControl Class)
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} http://onlinedesigner.hgtv.com/images/app/view22rte.cab (View22RTE Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://photos.surfline.com/albums/hawaii/IMG_7941.thumb.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/06 21:26:39 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2011/06/06 21:12:02 | 000,607,222 | R--- | C] (Swearware) -- C:\Documents and Settings\Tim\Desktop\dds.scr
[2011/06/06 12:39:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/04 18:50:41 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/04 13:52:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/06/04 10:45:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tim\Start Menu\Programs\Administrative Tools
[2011/06/03 20:54:53 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Tim\Desktop\aswMBR.exe
[2011/06/03 14:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2011/06/02 20:42:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tim\Recent
[2011/06/02 20:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
[2011/06/02 18:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/29 11:35:27 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/15 09:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\My Documents\Jen Back Up
[2011/05/14 13:01:39 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files - Modified Within 30 Days ==========

[2011/06/06 21:26:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2011/06/06 21:12:10 | 000,607,222 | R--- | M] (Swearware) -- C:\Documents and Settings\Tim\Desktop\dds.scr
[2011/06/06 17:15:41 | 000,001,155 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2011/06/06 12:46:22 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/06/06 12:44:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/06/06 12:44:08 | 266,391,552 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/06 12:40:06 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2011/06/05 07:41:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/04 19:16:07 | 000,002,511 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Vz In-Home Agent.lnk
[2011/06/04 10:36:21 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\rkill.exe
[2011/06/03 20:55:18 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Tim\Desktop\aswMBR.exe
[2011/06/03 15:06:40 | 000,000,260 | ---- | M] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/06/03 15:06:40 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/05/28 17:11:12 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20963108
[2011/05/15 09:42:14 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2011/05/14 13:01:40 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/06/05 07:49:13 | 266,391,552 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/04 10:36:05 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\rkill.exe
[2011/06/03 15:06:40 | 000,000,260 | ---- | C] () -- C:\WINDOWS\System32\cmdVBS.vbs
[2011/06/03 15:06:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\MSIevent.bat
[2011/06/03 14:58:15 | 000,002,511 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\Vz In-Home Agent.lnk
[2011/05/29 07:52:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/28 17:11:12 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20963108
[2011/02/26 16:58:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StatusSheet
[2011/02/26 16:58:44 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tim\Application Data\Standard
[2011/02/26 16:58:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2011/02/26 16:58:44 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Sync Services
[2011/02/26 16:54:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\StartupItems
[2011/02/26 16:54:24 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Tim\Application Data\Speech Enhancer
[2011/02/26 16:54:24 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Strings
[2011/02/26 16:54:23 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/01/02 22:53:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/02 22:53:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/02 22:53:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/06 20:38:27 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/06 20:38:27 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/09/20 18:03:27 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2008/11/25 18:07:49 | 000,870,128 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\mcs.rma
[2008/11/25 18:07:49 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\8A104B
[2008/11/22 09:12:25 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\kodakpcd.ini
[2007/11/26 21:12:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/04/29 15:34:50 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006/12/26 17:40:08 | 000,124,324 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2006/12/26 17:40:08 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2006/12/26 14:19:51 | 000,124,324 | ---- | C] () -- C:\WINDOWS\HPHins12.dat.temp
[2006/12/26 14:19:51 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat.temp
[2006/01/12 18:09:14 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\DXFLib.dll
[2006/01/12 18:08:06 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\opcode.dll
[2005/03/01 16:25:00 | 000,002,832 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/12/12 18:28:41 | 000,000,176 | ---- | C] () -- C:\WINDOWS\upst.ini
[2004/11/18 20:44:08 | 000,000,126 | -H-- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat
[2004/10/09 12:23:44 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/09/19 18:51:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Tim.ini
[2004/08/29 13:04:04 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/08/16 13:04:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/08/16 13:04:16 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/08/11 12:25:30 | 000,134,656 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/07 14:16:41 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\PFP120JPR.{PB
[2004/08/07 14:16:41 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\Tim\Application Data\PFP120JCM.{PB
[2004/08/06 18:01:19 | 000,000,092 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/08/06 18:01:18 | 000,000,528 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/08/06 17:59:20 | 000,001,155 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/08/05 18:03:01 | 000,000,378 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/08/03 08:28:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/03 08:24:02 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/08/03 08:14:50 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/08/03 08:14:47 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/08/03 08:02:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/08/03 08:01:36 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/03 08:01:32 | 000,445,370 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/08/03 08:01:32 | 000,072,576 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/08/03 08:01:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/03 07:47:14 | 000,000,549 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/06/16 15:27:10 | 000,000,283 | ---- | C] () -- C:\WINDOWS\System32\DLBCPLC.INI
[2004/05/26 16:09:26 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2004/05/11 11:03:20 | 000,343,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/05/11 11:02:24 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/14 13:58:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2002/11/14 13:58:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2002/11/14 13:58:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2002/11/14 13:58:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2002/11/14 13:58:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2002/06/10 17:32:17 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/01/03 17:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/01 13:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/01/02 13:04:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/26 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2007/04/17 09:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Freedom
[2010/01/01 13:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2011/02/26 16:56:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/11/01 14:57:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/26 16:58:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2007/02/08 11:52:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/03/12 17:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/09 17:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/25 09:11:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\RadialPoint
[2010/04/27 11:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Research In Motion
[2009/04/17 16:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Skinux
[2007/02/15 12:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jen\Application Data\Viewpoint
[2008/07/05 08:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\aAvgApi
[2004/08/09 19:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Leadertech
[2006/12/28 20:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Musicmatch
[2008/04/04 07:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\RadialPoint
[2006/12/27 15:21:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Red Chair Software
[2009/09/20 18:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Research In Motion
[2008/11/08 10:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Skinux
[2009/07/17 13:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Smith Micro
[2007/02/08 11:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Viewpoint

========== Purity Check ==========



< End of report >

timmyt224
2011-06-07, 03:42
The same thing happened on a previous run; the extras log is MIA. I went into the c:/ OTL folder and looked for the file, and it's not present.

ken545
2011-06-07, 10:08
Morning Tim,

You will only get the extras log on the first run, so not to worry. Let's see if we can uncover this thing.

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
Scour.com
Scour
:folderfind
Scour.com
Scour
:regfind
Scour.com
Scour


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Random System Information Tool
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
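A Python equivalent of the three SystemLook searches requested above, added here as an illustration and not part of the thread or of SystemLook itself: it parses the same :filefind/:folderfind/:regfind block, walks a directory tree for name matches, and, on Windows only, walks HKLM\SOFTWARE and HKCU\Software for substring matches. The matching rules (exact name with wildcards for files and folders, substring for the registry) and the constructed sample tree are assumptions, not documented SystemLook behaviour.

```python
import fnmatch
import os
import tempfile

try:
    import winreg  # Windows only; elsewhere the :regfind search is skipped
except ImportError:
    winreg = None

SECTIONS = (":filefind", ":folderfind", ":regfind")

# The directive block from the post above, verbatim.
DIRECTIVES = ":filefind\nScour.com\nScour\n:folderfind\nScour.com\nScour\n:regfind\nScour.com\nScour\n"

def parse_directives(text):
    """Split a SystemLook-style directive block into {section: [terms]}."""
    result = {s: [] for s in SECTIONS}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() in SECTIONS:
            current = line.lower()
        elif current is not None:
            result[current].append(line)
    return result

def _name_matches(name, terms):
    # Assumption: a name matches when it equals a term case-insensitively;
    # '*' and '?' wildcards in the term are honoured.
    return any(fnmatch.fnmatchcase(name.lower(), t.lower()) for t in terms)

def find_files(root, terms):
    """Sorted paths of files under root whose name matches a term (:filefind)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if _name_matches(f, terms)]
    return sorted(hits)

def find_folders(root, terms):
    """Sorted paths of directories under root whose name matches a term (:folderfind)."""
    hits = []
    for dirpath, dirs, _files in os.walk(root):
        hits += [os.path.join(dirpath, d) for d in dirs if _name_matches(d, terms)]
    return sorted(hits)

def _enum(fn, key):
    """Yield fn(key, 0), fn(key, 1), ... until the registry API raises OSError."""
    i = 0
    while True:
        try:
            yield fn(key, i)
        except OSError:
            return
        i += 1

def find_registry(terms, max_depth=8):
    """:regfind, Windows only: (key path, value name) pairs whose key name, value
    name or value data contains a term (case-insensitive substring); [] elsewhere."""
    if winreg is None:
        return []
    needles = [t.lower() for t in terms]
    hits = []

    def walk(hive, path, depth):
        try:
            key = winreg.OpenKey(hive, path)
        except OSError:
            return  # access denied or key vanished; skip it
        with key:
            for vname, vdata, _vtype in _enum(winreg.EnumValue, key):
                if any(n in vname.lower() or n in str(vdata).lower() for n in needles):
                    hits.append((path, vname))
            if depth < max_depth:
                for sub in list(_enum(winreg.EnumKey, key)):
                    if any(n in sub.lower() for n in needles):
                        hits.append((path + "\\" + sub, None))
                    walk(hive, path + "\\" + sub, depth + 1)

    walk(winreg.HKEY_LOCAL_MACHINE, "SOFTWARE", 0)
    walk(winreg.HKEY_CURRENT_USER, "Software", 0)
    return hits

def look(directive_text, root):
    """Run all three searches and return {section: hits}, like SystemLook's report."""
    d = parse_directives(directive_text)
    return {":filefind": find_files(root, d[":filefind"]),
            ":folderfind": find_folders(root, d[":folderfind"]),
            ":regfind": find_registry(d[":regfind"])}

def build_sample_tree():
    """Constructed sample tree (not from the thread): one leftover Scour folder and file
    plus an unrelated decoy, so a run shows both a hit and a miss."""
    root = tempfile.mkdtemp(prefix="systemlook_demo_")
    os.makedirs(os.path.join(root, "Program Files", "Scour"))
    os.makedirs(os.path.join(root, "WINDOWS", "System32"))
    open(os.path.join(root, "Program Files", "Scour", "Scour.com"), "w").close()
    open(os.path.join(root, "WINDOWS", "System32", "scourge.dll"), "w").close()
    return root
```

Running look(DIRECTIVES, build_sample_tree()) reports the Scour.com file and the Scour folder, while scourge.dll is not matched because file and folder terms are exact names rather than substrings.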

timmyt224
2011-06-07, 13:43
SystemLook 04.09.10 by jpshortstuff
Log created at 07:30 on 07/06/2011 by Tim
Administrator - Elevation successful

========== filefind ==========

Searching for "Scour.com"
No files found.

Searching for "Scour"
No files found.

========== folderfind ==========

Searching for "Scour.com"
No folders found.

Searching for "Scour"
No folders found.

========== regfind ==========

Searching for "Scour.com"
No data found.

Searching for "Scour"
No data found.

-= EOF =-

timmyt224
2011-06-07, 13:47
Logfile of random's system information tool 1.08 (written by random/random)
Run by Tim at 2011-06-07 07:44:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (44%) free of 35 GB
Total RAM: 254 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:45:23 AM, on 6/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Tim\Desktop\RSIT.exe
C:\Program Files\trend micro\Tim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.app.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254591051484
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O24 - Desktop Component 0: (no name) - http://photos.surfline.com/albums/hawaii/IMG_7941.thumb.jpg

--
End of file - 7571 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-05 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-12-13 281768]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice []
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe /dump:os_startup []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-10-07 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-09-24 40368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-07-06 195072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2009-09-15 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
C:\PROGRA~1\RESEAR~1\BLACKB~1\DESKTO~1.EXE [2007-11-12 1447184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
C:\PROGRA~1\Quicken\bagent.exe [2003-07-29 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE"="C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe"="C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:*:Enabled:Jasc Paint Shop Photo Album Application"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe"="C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Disabled:MediaManager9 Module"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"

======List of files/folders created in the last 1 months======

2011-06-07 07:44:52 ----D---- C:\rsit
2011-06-06 12:39:19 ----D---- C:\_OTL
2011-06-05 07:49:13 ----ASH---- C:\hiberfil.sys
2011-06-04 18:50:41 ----SHD---- C:\RECYCLER
2011-06-04 14:38:53 ----A---- C:\ComboFix.txt
2011-06-04 13:52:34 ----D---- C:\WINDOWS\temp
2011-06-03 15:06:40 ----A---- C:\WINDOWS\system32\MSIevent.bat
2011-06-03 15:06:40 ----A---- C:\WINDOWS\system32\cmdVBS.vbs
2011-06-03 14:57:22 ----D---- C:\Program Files\Verizon
2011-06-02 18:48:58 ----D---- C:\Program Files\ESET
2011-05-29 11:35:27 ----D---- C:\Program Files\ERUNT

======List of files/folders modified in the last 1 months======

2011-06-07 07:45:22 ----D---- C:\Program Files\Trend Micro
2011-06-07 07:44:53 ----D---- C:\WINDOWS\Prefetch
2011-06-06 17:16:26 ----D---- C:\Program Files\Quicken
2011-06-06 17:15:41 ----A---- C:\WINDOWS\QUICKEN.INI
2011-06-06 12:45:45 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-06 12:45:00 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2011-06-06 12:44:55 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2011-06-06 12:43:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-06 12:40:06 ----AD---- C:\WINDOWS\system32\drivers\ETC
2011-06-06 12:36:33 ----D---- C:\WINDOWS\ERDNT
2011-06-06 12:21:44 ----SHD---- C:\System Volume Information
2011-06-06 12:19:40 ----D---- C:\WINDOWS\system32\NtmsData
2011-06-06 12:09:54 ----D---- C:\WINDOWS\Registration
2011-06-05 07:41:45 ----D---- C:\WINDOWS\SYSTEM32
2011-06-05 07:27:43 ----A---- C:\WINDOWS\ntbtlog.txt
2011-06-05 07:26:21 ----D---- C:\WINDOWS\Minidump
2011-06-05 07:26:21 ----AD---- C:\WINDOWS
2011-06-04 14:39:13 ----D---- C:\Qoobox
2011-06-04 14:27:38 ----A---- C:\WINDOWS\system.ini
2011-06-04 13:53:36 ----AD---- C:\WINDOWS\system32\DRIVERS
2011-06-04 13:46:57 ----D---- C:\WINDOWS\AppPatch
2011-06-04 13:46:54 ----D---- C:\Program Files\Common Files
2011-06-03 15:07:15 ----SHD---- C:\WINDOWS\Installer
2011-06-03 15:07:14 ----D---- C:\Config.Msi
2011-06-03 14:57:22 ----D---- C:\Program Files
2011-06-03 14:52:13 ----D---- C:\WINDOWS\system32\FxsTmp
2011-06-02 20:45:58 ----AD---- C:\WINDOWS\system32\CONFIG
2011-06-02 20:44:30 ----D---- C:\WINDOWS\system32\WBEM
2011-06-02 20:41:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-06-02 18:49:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-06-01 13:48:31 ----RD---- C:\WINDOWS\Offline Web Pages
2011-05-28 17:43:59 ----D---- C:\WINDOWS\network diagnostic
2011-05-15 08:55:27 ----HD---- C:\WINDOWS\INF
2011-05-12 10:59:53 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-02-13 86160]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-05-01 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-03-16 137656]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-12-13 61960]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2010-04-20 34280]
S3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2010-09-27 267624]
S3 ASWFilt;ASWFilt; \??\C:\WINDOWS\system32\Filt\ASWFilt.dll []
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 FlyUsb;FLY Fusion; C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2009-11-10 18560]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mbr;mbr; \??\C:\DOCUME~1\Tim\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\System32\DRIVERS\NetMotCM.sys [2004-02-09 15360]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 P2k;Motorola iDEN P2k Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2004-03-19 38912]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-23 12416]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-23 19840]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-23 21632]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 VBEngNT;VBEngNT; \??\C:\WINDOWS\system32\drivers\VBEngNT.sys []
S3 VBFilt;VBFilt; \??\C:\WINDOWS\system32\Filt\VBFilt.dll []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-03-16 269480]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 IHA_MessageCenter;IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-05-24 143360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-06-07 311296]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Logfile of random's system information tool 1.08 (written by random/random)
Run by Tim at 2011-06-07 07:44:52
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 15 GB (44%) free of 35 GB
Total RAM: 254 MB (26% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:45:23 AM, on 6/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Tim\Desktop\RSIT.exe
C:\Program Files\trend micro\Tim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.app.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254591051484
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O24 - Desktop Component 0: (no name) - http://photos.surfline.com/albums/hawaii/IMG_7941.thumb.jpg

--
End of file - 7571 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-09-23 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\system32\dla\tfswshx.dll [2004-03-15 118836]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-05 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-12-13 281768]
"OutpostMonitor"=C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray /noservice []
"OutpostFeedBack"=C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe /dump:os_startup []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-10-07 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-09-24 40368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2009-07-06 195072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe [2004-03-15 122933]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe [2003-09-03 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2009-09-15 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2007-08-16 236016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
C:\PROGRA~1\RESEAR~1\BLACKB~1\DESKTO~1.EXE [2007-11-12 1447184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
C:\PROGRA~1\Quicken\bagent.exe [2003-07-29 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE"="C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\Program Files\Common Files\AOL\System Information\sinf.exe"="C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL"
"C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe"="C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:*:Enabled:Jasc Paint Shop Photo Album Application"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe"="C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Disabled:MediaManager9 Module"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\America Online 9.0a\waol.exe"="C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe"="C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9"

======List of files/folders created in the last 1 months======

2011-06-07 07:44:52 ----D---- C:\rsit
2011-06-06 12:39:19 ----D---- C:\_OTL
2011-06-05 07:49:13 ----ASH---- C:\hiberfil.sys
2011-06-04 18:50:41 ----SHD---- C:\RECYCLER
2011-06-04 14:38:53 ----A---- C:\ComboFix.txt
2011-06-04 13:52:34 ----D---- C:\WINDOWS\temp
2011-06-03 15:06:40 ----A---- C:\WINDOWS\system32\MSIevent.bat
2011-06-03 15:06:40 ----A---- C:\WINDOWS\system32\cmdVBS.vbs
2011-06-03 14:57:22 ----D---- C:\Program Files\Verizon
2011-06-02 18:48:58 ----D---- C:\Program Files\ESET
2011-05-29 11:35:27 ----D---- C:\Program Files\ERUNT

======List of files/folders modified in the last 1 months======

2011-06-07 07:45:22 ----D---- C:\Program Files\Trend Micro
2011-06-07 07:44:53 ----D---- C:\WINDOWS\Prefetch
2011-06-06 17:16:26 ----D---- C:\Program Files\Quicken
2011-06-06 17:15:41 ----A---- C:\WINDOWS\QUICKEN.INI
2011-06-06 12:45:45 ----D---- C:\WINDOWS\system32\CatRoot2
2011-06-06 12:45:00 ----A---- C:\WINDOWS\ModemLog_Standard Modem.txt
2011-06-06 12:44:55 ----A---- C:\WINDOWS\ModemLog_Intel(R) 537EP V9x DF PCI Modem.txt
2011-06-06 12:43:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-06-06 12:40:06 ----AD---- C:\WINDOWS\system32\drivers\ETC
2011-06-06 12:36:33 ----D---- C:\WINDOWS\ERDNT
2011-06-06 12:21:44 ----SHD---- C:\System Volume Information
2011-06-06 12:19:40 ----D---- C:\WINDOWS\system32\NtmsData
2011-06-06 12:09:54 ----D---- C:\WINDOWS\Registration
2011-06-05 07:41:45 ----D---- C:\WINDOWS\SYSTEM32
2011-06-05 07:27:43 ----A---- C:\WINDOWS\ntbtlog.txt
2011-06-05 07:26:21 ----D---- C:\WINDOWS\Minidump
2011-06-05 07:26:21 ----AD---- C:\WINDOWS
2011-06-04 14:39:13 ----D---- C:\Qoobox
2011-06-04 14:27:38 ----A---- C:\WINDOWS\system.ini
2011-06-04 13:53:36 ----AD---- C:\WINDOWS\system32\DRIVERS
2011-06-04 13:46:57 ----D---- C:\WINDOWS\AppPatch
2011-06-04 13:46:54 ----D---- C:\Program Files\Common Files
2011-06-03 15:07:15 ----SHD---- C:\WINDOWS\Installer
2011-06-03 15:07:14 ----D---- C:\Config.Msi
2011-06-03 14:57:22 ----D---- C:\Program Files
2011-06-03 14:52:13 ----D---- C:\WINDOWS\system32\FxsTmp
2011-06-02 20:45:58 ----AD---- C:\WINDOWS\system32\CONFIG
2011-06-02 20:44:30 ----D---- C:\WINDOWS\system32\WBEM
2011-06-02 20:41:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-06-02 18:49:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2011-06-01 13:48:31 ----RD---- C:\WINDOWS\Offline Web Pages
2011-05-28 17:43:59 ----D---- C:\WINDOWS\network diagnostic
2011-05-15 08:55:27 ----HD---- C:\WINDOWS\INF
2011-05-12 10:59:53 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R0 drvmcdb;drvmcdb; C:\WINDOWS\system32\drivers\drvmcdb.sys [2004-02-13 86160]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-05-01 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-03-16 137656]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2002-11-08 17217]
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-01-14 5621]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-01-14 23219]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-12-13 61960]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-02-27 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-03-15 25685]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-03-15 34837]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-03-15 4117]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-03-15 2233]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-03-15 85972]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-03-15 14229]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-03-15 6357]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-03-15 98580]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-03-15 100597]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-10-30 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-10-30 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-10-30 21568]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 IntelC51;IntelC51; C:\WINDOWS\System32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\System32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\System32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\System32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-08-29 5888]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-06 580992]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-13 42752]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S3 afw;Agnitum firewall driver; C:\WINDOWS\system32\DRIVERS\afw.sys [2010-04-20 34280]
S3 afwcore;afwcore; C:\WINDOWS\system32\drivers\afwcore.sys [2010-09-27 267624]
S3 ASWFilt;ASWFilt; \??\C:\WINDOWS\system32\Filt\ASWFilt.dll []
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 FlyUsb;FLY Fusion; C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2009-11-10 18560]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mbr;mbr; \??\C:\DOCUME~1\Tim\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\System32\DRIVERS\NetMotCM.sys [2004-02-09 15360]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 P2k;Motorola iDEN P2k Device; C:\WINDOWS\system32\DRIVERS\P2k.sys [2004-03-19 38912]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbbus;LGE CDMA Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-23 12416]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-23 19840]
S3 USBModem;LGE CDMA USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-23 21632]
S3 usbser;Motorola USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 VBEngNT;VBEngNT; \??\C:\WINDOWS\system32\drivers\VBEngNT.sys []
S3 VBFilt;VBFilt; \??\C:\WINDOWS\system32\Filt\VBFilt.dll []
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-03-16 269480]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 IHA_MessageCenter;IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-05-24 143360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-12 153376]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-06-07 311296]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 acssrv;Agnitum Client Security Service; C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-07-24 358896]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2007-08-16 309744]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2007-08-16 166384]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-07-24 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-08-16 1092080]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
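
The driver and service sections of the RSIT log above share one line shape: a state letter (R/S), a start type (0-4), `name;description;` and the path followed by `[date size]`, with an empty bracket where RSIT recorded no file metadata. The following is an added example, not part of the poster's logs or of the RSIT tool: a small parser for that format plus the mechanical cues a helper scans for by eye (empty bracket, running driver with empty bracket, binary loading from a Temp directory). The sample input is constructed from lines in the listing above; the meaning of the empty bracket and the cue names are assumptions stated in the comments, and the output is a review list, not a verdict on any entry.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of the RSIT "List of drivers" section above
# (lines chosen from that listing; this is test input, not the full log).
SAMPLE_DRIVERS = r"""
R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 SandBox;SandBox; \??\C:\WINDOWS\system32\drivers\SandBox.sys []
R2 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mbr;mbr; \??\C:\DOCUME~1\Tim\LOCALS~1\Temp\mbr.sys []
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-13 42240]
"""

START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# <R|S><start> <name>;<description>; <path> [<date> <size>]  (same shape for the services section)
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<desc>[^;]*); (?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)


@dataclass
class DriverEntry:
    name: str
    description: str
    running: bool
    start_type: str
    path: str        # Win32 path with any leading \??\ native prefix removed
    file_date: Optional[str]
    file_size: Optional[int]

    @property
    def file_info_missing(self) -> bool:
        # Assumption: RSIT leaves the bracket empty when it could not read the
        # file's date and size (file absent, or a path form it did not resolve).
        return self.file_date is None


def parse_driver_line(line: str) -> Optional[DriverEntry]:
    """Parse one R/S line; return None for legends, blank lines and anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    if path.startswith("\\??\\"):
        path = path[4:]
    date: Optional[str] = None
    size: Optional[int] = None
    info = m.group("info").split()
    if len(info) == 2:
        date, size = info[0], int(info[1])
    return DriverEntry(
        name=m.group("name"),
        description=m.group("desc"),
        running=m.group("state") == "R",
        start_type=START_TYPES[m.group("start")],
        path=path,
        file_date=date,
        file_size=size,
    )


def parse_drivers(text: str) -> List[DriverEntry]:
    entries = (parse_driver_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def triage(entries: List[DriverEntry]) -> Dict[str, List[str]]:
    """Map driver name -> review cues (hypothetical tag names). These are things
    to verify by hand (does the file exist, is it signed, which product owns it),
    not verdicts about the entry."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        cues: List[str] = []
        if e.file_info_missing:
            cues.append("NO_FILE_INFO")
            if e.running:
                cues.append("RUNNING_NO_FILE_INFO")
        if re.search(r"\\temp\\", e.path, re.IGNORECASE):
            cues.append("TEMP_PATH")
        if cues:
            findings[e.name] = cues
    return findings


if __name__ == "__main__":
    for name, cues in triage(parse_drivers(SAMPLE_DRIVERS)).items():
        print(f"{name:<10} {', '.join(cues)}")
```

Run against the full "List of drivers" and "List of services" sections pasted into a file, the same functions apply unchanged, since both sections use the same line shape; the legend line and blank lines are skipped by the regex. Entries that come back flagged still need the usual manual checks (file present on disk, publisher signature, which installed product owns the path) before anything is removed.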

timmyt224
2011-06-07, 13:54
info.txt logfile of random's system information tool 1.08 2011-06-07 07:45:39

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{0ADEA8E1-B211-41B8-8DD4-D9A5FB04A5FA}
-->MsiExec.exe /I{267D350E-51AB-40B8-AF9F-DA7ED5687044}
-->MsiExec.exe /I{7A9DC8F6-2466-4E04-BF51-BE499C5D02BD}
-->MsiExec.exe /I{85BD5F12-49EF-4B40-B1E0-77D85F6E99BF}
-->MsiExec.exe /I{EA9741F6-A7F2-497B-BBE4-2ED0136649BE}
-->MsiExec.exe /X{C628EC93-8E17-4114-BCE7-2D181B93FA0F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10q_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Reader 8.2.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A82000000003}
Adobe Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~2\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft Panorama Maker 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}\Setup.exe" -l0x9
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BlackBerry Desktop Software 4.3-->MsiExec.exe /I{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
BlackBerry Desktop Software 4.3-->MsiExec.exe /i{0D048BE8-AE02-4CB5-A428-616B9848E4A7}
BlackBerry Device Software Updater-->MsiExec.exe /X{62880A3B-2F9C-4C58-8FFA-1DA280262B5E}
BUM-->MsiExec.exe /I{55937F00-A69B-4049-8D3A-1C7729742B6F}
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
File Uploader-->MsiExec.exe /X{237CD223-1B9D-47E8-A76C-E478B83CCEA2}
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB945060-v3)-->"C:\WINDOWS\$NtUninstallKB945060-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Photosmart and Deskjet 7.0 Software-->C:\Program Files\HP\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe -datfile hphscr12.dat -showdisconnect -forcereboot
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
IHA_MessageCenter-->MsiExec.exe /I{BEDF5135-3DDC-4488-BA2C-D94AB4BB8DA2}
Intel(R) 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel(R) 537EP V9x DF PCI Modem"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
Intel(R) PROSet-->MsiExec.exe /I{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_4fdcdad\Setup.exe /APR-REMOVE
LG USB Modem driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Encarta Encyclopedia Standard 2004-->MsiExec.exe /I{04410044-9149-45C6-A806-F2BF9CFCE762}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable - KB2467175-->MsiExec.exe /X{a0fe116e-9a8a-466f-aee0-625cb7c207e3}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
Nikon Message Center-->MsiExec.exe /X{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}
Nikon Transfer-->MsiExec.exe /X{E9757890-7EC5-46C8-99AB-B00F07B6525C}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Picture Control Utility-->MsiExec.exe /X{87441A59-5E64-4096-A170-14EFE67200C3}
Quicken 2004-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8} anything
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Revo Uninstaller 1.91-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Rhapsody Player Engine-->MsiExec.exe /I{84F1DE76-C48C-4281-87A0-CC9548D1E7F9}
Roxio Media Manager-->MsiExec.exe /X{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}
Safari-->MsiExec.exe /I{2D6ED011-055B-4041-B198-BB903827EBFB}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2476687)-->"C:\WINDOWS\$NtUninstallKB2476687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479628)-->"C:\WINDOWS\$NtUninstallKB2479628$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485376)-->"C:\WINDOWS\$NtUninstallKB2485376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2491683)-->"C:\WINDOWS\$NtUninstallKB2491683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2503658)-->"C:\WINDOWS\$NtUninstallKB2503658$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2506223)-->"C:\WINDOWS\$NtUninstallKB2506223$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2511455)-->"C:\WINDOWS\$NtUninstallKB2511455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SFR2-->MsiExec.exe /I{ABE068DF-8DC4-4947-ABFC-DD2B40850225}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
Shockwave-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB978506)-->"C:\WINDOWS\ie8updates\KB978506-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Verizon FiOS Activation-->"C:\WINDOWS\FIOS\unins000.exe"
ViewNX-->MsiExec.exe /X{F007CBCE-D714-4C0B-8CE9-9B0D78116468}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
Vz In Home Agent-->MsiExec.exe /I{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

======Hosts File======

::1 localhost

======Security center information======

AV: AntiVir Desktop (outdated)
FW: Outpost Security Suite (disabled)

======System event log======

Computer Name: TORCHIA
Event Code: 18
Message: TIMEOUT<agent.exe> C:\...ice\Database\update.ini

Record Number: 369304
Source Name: avgntflt
Time Written: 20110511153527.000000-240
Event Type: warning
User:

Computer Name: TORCHIA
Event Code: 18
Message: TIMEOUT<agent.exe> C:\...ice\Database\update.ini

Record Number: 369303
Source Name: avgntflt
Time Written: 20110511153501.000000-240
Event Type: warning
User:

Computer Name: TORCHIA
Event Code: 18
Message: TIMEOUT<agent.exe> C:\...ice\Database\update.ini

Record Number: 369302
Source Name: avgntflt
Time Written: 20110511152435.000000-240
Event Type: warning
User:

Computer Name: TORCHIA
Event Code: 18
Message: TIMEOUT<agent.exe> C:\...ice\Database\update.ini

Record Number: 369301
Source Name: avgntflt
Time Written: 20110511152409.000000-240
Event Type: warning
User:

Computer Name: TORCHIA
Event Code: 18
Message: TIMEOUT<agent.exe> C:\...ice\Database\update.ini

Record Number: 369299
Source Name: avgntflt
Time Written: 20110511152342.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: TORCHIA
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1756
Source Name: Application Hang
Time Written: 20090910080448.000000-240
Event Type: error
User:

Computer Name: TORCHIA
Event Code: 1002
Message: Hanging application qw.exe, version 13.1.1.28, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1753
Source Name: Application Hang
Time Written: 20090909141958.000000-240
Event Type: error
User:

Computer Name: TORCHIA
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 1752
Source Name: Application Hang
Time Written: 20090908155912.000000-240
Event Type: error
User:

Computer Name: TORCHIA
Event Code: 0
Message: Configuration section system.serviceModel.activation already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 1731
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090816104942.000000-240
Event Type: warning
User:

Computer Name: TORCHIA
Event Code: 0
Message: Configuration section system.runtime.serialization already exists in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 1730
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20090816104942.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CW_UPDATE"=Y
"iHA_Version"=1.00.00

-----------------EOF-----------------

ken545
2011-06-07, 18:16
When RSIT was installed it installed HijackThis; let's use it to remove a few items.

Open HijackThis > Do a System Scan Only, close your browser and all open windows including this one, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.

O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost


Reboot your system and run this cleaner


Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop

Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean.



Unplug the power on your Cable Modem for about 3 minutes or so and then plug it back in and check for those redirects

timmyt224
2011-06-07, 23:56
Ken, I just have an icon for the RSIT, no HijackThis. Maybe I'm confused, long day. However, either send me a link or a clue so we can attempt this process. Thanks again, T

ken545
2011-06-08, 00:29
Go into your Program Files; it should be there.

Or try here
C:\Program Files\trend micro\Tim.exe

timmyt224
2011-06-08, 01:24
I ran both of these applications as requested and did a reboot with the cable modem disconnected. Once back up and running, I attempted a search under a new tab and was redirected once again; Scour was still present.

ken545
2011-06-08, 01:43
Post a new HJT log


What you need to do is reset your cable modem. There should be a reset button somewhere on it. I'm not familiar with what you have, but it is just a small button that you can hold in for about 30 seconds, which will set it back to defaults.

Then run this program and post the log; it looks like it's been successful in removing Scour.

http://download.cnet.com/Hitman-Pro-3-32-bit/3000-2239_4-10895604.html

timmyt224
2011-06-08, 01:51
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:49:41 PM, on 6/7/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\Tim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.app.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostMonitor] "C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" /tray /noservice
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemyfios.verizon.net/sdcCommon/download/FIOS/Verizon%20FiOS%20Installer.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254591051484
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_2/axofupld.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://onlinedesigner.hgtv.com/images/app/view22rte.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Agnitum Client Security Service (acssrv) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O24 - Desktop Component 0: (no name) - http://photos.surfline.com/albums/hawaii/IMG_7941.thumb.jpg

--
End of file - 7461 bytes

timmyt224
2011-06-08, 02:25
I ran the Hitman and then did a search under a new tab once again, and was redirected to scour; it's the devil!!!

ken545
2011-06-08, 10:11
I know this may be a project for you, but do you have access to another computer that you could borrow from a friend? A laptop would be ideal. Plug it into your cable modem and see if you get redirected on that one. We're thinking it may be the cable modem that is directing you; we have seen this before recently, not just with scour but other sites as well. If the borrowed computer gets redirected also, then you will need to have the cable company come out and reset the thing back to factory defaults.

In the meantime I will still be looking for an answer for this; there is one somewhere.


Let's try SuperAntiSpyware

Please download SuperAntiSpyware Free (http://www.superantispyware.com/superantispyware.html)
Install the program

Run SuperAntiSpyware and click: Check for updates
Once the update is finished, on the main screen, click: Scan your computer
Check: Perform Complete Scan
Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click: Preferences
Click the Statistics/Logs tab
Under Scanner Logs, double-click SuperAntiSpyware Scan Log
It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your next reply

ken545
2011-06-09, 10:13
When you get a chance check this file please

You need to enable windows to show all files and folders, instructions Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html)

Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has been checked before, have them check it again

C:\Windows\System32\drivers\VolSnap.sys

If the site is busy you can try this one
http://virusscan.jotti.org/en

timmyt224
2011-06-10, 01:28
Ken, busy with work, having difficulty finding time to catch up! I will be performing these tasks over the next couple of days. Thanks for all your help. T

timmyt224
2011-06-11, 17:26
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/10/2011 at 12:21 PM

Application Version : 4.53.1000

Core Rules Database Version : 7245
Trace Rules Database Version: 5057

Scan type : Complete Scan
Total Scan Time : 01:16:41

Memory items scanned : 295
Memory threats detected : 0
Registry items scanned : 8648
Registry threats detected : 0
File items scanned : 27676
File threats detected : 28

Adware.Tracking Cookie
C:\Documents and Settings\Tim\Cookies\tim@casalemedia[1].txt
C:\Documents and Settings\Tim\Cookies\tim@imrworldwide[2].txt
C:\Documents and Settings\Tim\Cookies\tim@atdmt[1].txt
C:\Documents and Settings\Tim\Cookies\tim@dc.tremormedia[2].txt
C:\Documents and Settings\Tim\Cookies\tim@media6degrees[2].txt
C:\Documents and Settings\Tim\Cookies\tim@revsci[2].txt
C:\Documents and Settings\Tim\Cookies\tim@ad.yieldmanager[2].txt
C:\Documents and Settings\Tim\Cookies\tim@serving-sys[1].txt
C:\Documents and Settings\Tim\Cookies\tim@doubleclick[1].txt
C:\Documents and Settings\Tim\Cookies\tim@network.realmedia[1].txt
C:\Documents and Settings\Tim\Cookies\tim@yieldmanager[1].txt
C:\Documents and Settings\Tim\Cookies\tim@adbrite[1].txt
C:\Documents and Settings\Tim\Cookies\tim@pointroll[1].txt
C:\Documents and Settings\Tim\Cookies\tim@ads.pointroll[2].txt
C:\Documents and Settings\Tim\Cookies\tim@questionmarket[1].txt
C:\Documents and Settings\Tim\Cookies\tim@tribalfusion[1].txt
C:\Documents and Settings\Tim\Cookies\tim@2o7[2].txt
C:\Documents and Settings\Tim\Cookies\tim@ru4[1].txt
C:\Documents and Settings\Tim\Cookies\tim@realmedia[2].txt
C:\Documents and Settings\Tim\Cookies\tim@invitemedia[1].txt
C:\Documents and Settings\Tim\Cookies\tim@ad.wsod[2].txt
C:\Documents and Settings\Tim\Cookies\tim@ads.watchmygf[2].txt
C:\Documents and Settings\Tim\Cookies\tim@ads.basal[1].txt
C:\Documents and Settings\Tim\Cookies\tim@ads.bighealthtree[2].txt
C:\Documents and Settings\Tim\Cookies\tim@collective-media[2].txt
C:\Documents and Settings\Tim\Cookies\tim@revsci[1].txt
C:\Documents and Settings\Tim\Cookies\tim@sextube[1].txt
C:\Documents and Settings\Tim\Cookies\tim@www.sextube[2].txt

timmyt224
2011-06-11, 17:52
File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: 4c8fcb5cc53aab716d810740fe59d025
Date first seen: 2009-03-07 01:14:18 (UTC)
Date last seen: 2011-06-09 11:13:19 (UTC)
Detection ratio: 0/42
_________________________________________________________________

Antivirus Version Last update Result
AhnLab-V3 2011.06.12.00 2011.06.11 -
AntiVir 7.11.9.159 2011.06.11 -
Antiy-AVL 2.0.3.7 2011.06.11 -
Avast 4.8.1351.0 2011.06.11 -
Avast5 5.0.677.0 2011.06.11 -
AVG 10.0.0.1190 2011.06.11 -
BitDefender 7.2 2011.06.11 -
CAT-QuickHeal 11.00 2011.06.11 -
ClamAV 0.97.0.0 2011.06.10 -
Commtouch 5.3.2.6 2011.06.11 -
Comodo 9029 2011.06.11 -
DrWeb 5.0.2.03300 2011.06.11 -
eSafe 7.0.17.0 2011.06.09 -
eTrust-Vet 36.1.8380 2011.06.10 -
F-Prot 4.6.2.117 2011.06.10 -
F-Secure 9.0.16440.0 2011.06.11 -
Fortinet 4.2.257.0 2011.06.11 -
GData 22 2011.06.11 -
Ikarus T3.1.1.104.0 2011.06.11 -
Jiangmin 13.0.900 2011.06.11 -
K7AntiVirus 9.106.4798 2011.06.10 -
Kaspersky 9.0.0.837 2011.06.11 -
McAfee 5.400.0.1158 2011.06.11 -
McAfee-GW-Edition 2010.1D 2011.06.11 -
Microsoft 1.6903 2011.06.11 -
NOD32 6198 2011.06.11 -
Norman 6.07.10 2011.06.10 -
nProtect 2011-06-11.01 2011.06.11 -
Panda 10.0.3.5 2011.06.11 -
PCTools 7.0.3.5 2011.06.10 -
Prevx 3.0 2011.06.11 -
Rising 23.61.04.07 2011.06.10 -
Sophos 4.66.0 2011.06.11 -
SUPERAntiSpyware 4.40.0.1006 2011.06.11 -
Symantec 20111.1.0.186 2011.06.11 -
TheHacker 6.7.0.1.228 2011.06.11 -
TrendMicro 9.200.0.1012 2011.06.11 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.11 -
VBA32 3.12.16.1 2011.06.10 -
VIPRE 9551 2011.06.11 -
ViRobot 2011.6.11.4507 2011.06.11 -
VirusBuster 14.0.76.0 2011.06.11 -
MD5: 4c8fcb5cc53aab716d810740fe59d025
SHA1: da4e0035c58c0edb422eace57b35c90027e15f59
SHA256: 010eac43dbed700b73e4fc908faaf9f6a0168ebbd5d86751e49bc33aaa18bfa4
File size: 52352 bytes
Scan date: 2011-06-11 15:38:21 (UTC)
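
The check the helper asked for above (confirming that the local VolSnap.sys is the same file VirusTotal already knows) can also be done locally by hashing the file and comparing against the digests in the report. The script below is an added example, not something posted in this thread or part of any of the tools mentioned; it assumes only the Python standard library, and the digests it compares against are the ones copied from the VirusTotal report above (the bytes hashed in the test are constructed and do not correspond to the real driver).

```python
"""Compare a file's MD5 / SHA-1 / SHA-256 with digests reported by VirusTotal.

Added example for this thread (not from the original posts). The expected
values are the ones VirusTotal printed for
C:\\Windows\\System32\\drivers\\VolSnap.sys in the report above; a mismatch
means the local file is not the one VirusTotal analysed and deserves a fresh
upload, as the helper suggested.
"""
import hashlib
import sys
from typing import Dict, Tuple, Union

Digests = Dict[str, Union[str, int]]

# Copied from the VirusTotal report quoted in the thread (not re-verified here).
VT_VOLSNAP: Digests = {
    "md5": "4c8fcb5cc53aab716d810740fe59d025",
    "sha1": "da4e0035c58c0edb422eace57b35c90027e15f59",
    "sha256": "010eac43dbed700b73e4fc908faaf9f6a0168ebbd5d86751e49bc33aaa18bfa4",
    "size": 52352,
}


def digest_bytes(data: bytes) -> Digests:
    """Return the three hex digests plus the byte length of an in-memory blob."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def digest_file(path: str, chunk_size: int = 1 << 20) -> Digests:
    """Hash a file in chunks so a large binary is never read into memory whole."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    result: Digests = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def compare(actual: Digests, expected: Digests) -> Dict[str, Tuple[object, object]]:
    """Return {field: (actual, expected)} for every field that differs.

    An empty dict means every expected field matched. Hex digests are compared
    case-insensitively because reports print them in either case.
    """
    mismatches: Dict[str, Tuple[object, object]] = {}
    for field, want in expected.items():
        got = actual.get(field)
        if isinstance(want, str) and isinstance(got, str):
            same = got.lower() == want.lower()
        else:
            same = got == want
        if not same:
            mismatches[field] = (got, want)
    return mismatches


if __name__ == "__main__":
    # Default path is the driver the helper asked about; pass another path as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32\drivers\VolSnap.sys"
    try:
        found = digest_file(target)
    except OSError as exc:
        print(f"cannot read {target}: {exc}")
        sys.exit(2)
    diff = compare(found, VT_VOLSNAP)
    if not diff:
        print(f"{target} matches the VirusTotal-reported digests")
    else:
        for field, (got, want) in diff.items():
            print(f"{field}: local={got} reported={want}")
        sys.exit(1)
```

A match only tells you the local file is byte-identical to the sample VirusTotal scored 0/42; a mismatch is the signal to upload the local copy for a fresh scan rather than rely on the cached report.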

ken545
2011-06-12, 00:00
Hello Tim.

I had you check that file because if it is corrupted or infected it will prevent TDSSKiller from running, but it looks like it's ok.

All SAS removed were tracking cookies.


The reason I wanted you to try to hook up another computer to your cable modem was to detect if it's infected, but I don't know if you did that yet.

Drag ComboFix to the trash and let's grab a fresh new updated copy and run it please, and post the log.

timmyt224
2011-06-13, 13:04
ComboFix 11-06-11.01 - Tim 06/12/2011 12:51:19.7.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.150 [GMT -4:00]
Running from: C:\Documents and Settings\Tim\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Outpost Security Suite *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}


((((((((((((((((((((((((( Files Created from 2011-05-12 to 2011-06-12 )))))))))))))))))))))))))))))))


2011-06-08 11:01:15 . 2011-06-08 11:01:15 -------- d-----w- C:\Documents and Settings\Tim\Application Data\SUPERAntiSpyware.com
2011-06-08 11:01:15 . 2011-06-08 11:01:15 -------- d-----w- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-08 11:00:41 . 2011-06-10 14:37:47 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-06-07 23:58:26 . 2011-06-07 23:58:26 17480 ----a-w- C:\WINDOWS\system32\drivers\hitmanpro35.sys
2011-06-07 23:57:07 . 2011-06-07 23:57:43 -------- d-----w- C:\Documents and Settings\All Users\Application Data\Hitman Pro
2011-06-07 11:44:52 . 2011-06-07 11:45:39 -------- d-----w- C:\rsit
2011-06-06 16:39:19 . 2011-06-06 16:39:19 -------- d-----w- C:\_OTL
2011-06-03 19:06:40 . 2011-06-03 19:06:40 260 ----a-w- C:\WINDOWS\system32\cmdVBS.vbs
2011-06-03 19:06:40 . 2011-06-03 19:06:40 256 ----a-w- C:\WINDOWS\system32\MSIevent.bat
2011-06-03 18:58:20 . 2011-06-03 18:58:21 65536 ----a-r- C:\Documents and Settings\Tim\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
2011-06-03 18:58:20 . 2011-06-03 18:58:20 65536 ----a-r- C:\Documents and Settings\Tim\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
2011-06-03 18:58:20 . 2011-06-03 18:58:20 65536 ----a-r- C:\Documents and Settings\Tim\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\ARPPRODUCTICON.exe
2011-06-03 18:57:22 . 2011-06-03 19:06:46 -------- d-----w- C:\Program Files\Verizon
2011-06-03 00:44:27 . 2011-06-03 00:44:27 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2011-06-02 22:48:58 . 2011-06-02 22:48:58 -------- d-----w- C:\Program Files\ESET
2011-05-29 15:35:27 . 2011-06-03 00:41:39 -------- d-----w- C:\Program Files\ERUNT
2011-05-14 17:01:39 . 2011-05-14 17:01:40 404640 ----a-w- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-16 21:13:24 . 2011-01-03 21:44:08 137656 ----a-w- C:\WINDOWS\system32\drivers\avipbb.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
C:\Program Files\Agnitum\Outpost Security Suite Free\op_shell.dll [BU]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 08:40:32 218032]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-05-23 15:00:06 2424192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 13:39:54 281768]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [BU]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe" [BU]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2009-05-26 21:18:30 413696]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 17:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21:41 548352 ----a-w- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-10-07 15:10:04 932288 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-24 09:15:10 40368 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-07-06 18:30:16 195072 ----a-w- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12:16 15360 ----a-w- C:\WINDOWS\SYSTEM32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
2004-03-15 06:04:00 122933 ----a-w- C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 07:41:10 49152 ----a-w- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-09-20 13:32:24 77824 ----a-w- C:\WINDOWS\SYSTEM32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-09-20 13:36:20 114688 ----a-w- C:\WINDOWS\SYSTEM32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-09-20 13:35:40 94208 ----a-w- C:\WINDOWS\SYSTEM32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 01:12:44 221184 ----a-w- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 18:03:10 292128 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12:28 1695232 ----a-w- C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nikon Transfer Monitor]
2009-09-15 23:47:36 479232 ----a-w- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
C:\Program Files\Dell\Media Experience\PCMService.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 21:18:30 413696 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-08-16 12:56:14 236016 ----a-w- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 15:44:46 248552 ----a-w- C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01:00 110592 ----a-w- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"C:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter

R1 SandBox;SandBox;C:\WINDOWS\system32\drivers\SandBox.sys [2010-11-26 15:52:28 710696]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 18:25:48 12872]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 18:41:30 67656]
R2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe [x]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-27 12:25:27 136360]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-05-24 20:02:04 143360]
R2 mrtRate;mrtRate; [x]
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2010-04-20 20:05:16 34280]
R3 afwcore;afwcore;C:\WINDOWS\system32\drivers\afwcore.sys [2010-09-27 20:40:28 267624]
R3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll [2010-11-26 15:51:16 72352]
R3 FlyUsb;FLY Fusion;C:\WINDOWS\system32\DRIVERS\FlyUsb.sys [2009-11-10 14:27:06 18560]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\WINDOWS\System32\svchost.exe [2008-04-14 00:12:36 14336]
R3 VBEngNT;VBEngNT;C:\WINDOWS\system32\drivers\VBEngNT.sys [2010-06-09 13:44:20 241088]
R3 VBFilt;VBFilt;C:\WINDOWS\system32\Filt\VBFilt.dll [2010-11-26 15:51:22 36288]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper


------- Supplementary Scan -------

uStart Page = hxxp://www.app.com/
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = localhost
TCP: DhcpNameServer = 192.168.1.1 71.250.0.12

timmyt224
2011-06-13, 15:21
Ken, I currently have no access to another computer to verify if the modem is infected.

ken545
2011-06-13, 18:16
Hello Tim,

Just wanted to let you know that I will be away and offline from this evening until the end of the month, but this thread will still be open; another helper will step in and help you.

CF log looks ok, still being redirected to Scour?

It's most likely where we haven't looked; it may be in your Add/Remove Programs in the Control Panel

ProgramFiles%\scourtoolbar\uninstall.exe<--

Dakeyras
2011-06-15, 13:34
Hi. :)

I will be assisting your good self from this point onwards...

Please answer my colleague's last query (post #75) and we will go from there, thank you.

Dakeyras
2011-06-19, 15:41
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.