TechSpot

Initial window opens quickly other internet windows hang up

Solved
By jagsjim
Dec 2, 2010
  1. My Father-in-law's computer has been slow. When trying to surf the web his initial Firefox window usually pops open to his homepage "Google". But then he is unable to open other windows or change to other websites. I ran AVG, MBAM, Spybot, SuperAnti-Virus, HJT, and a couple other freeware virus protections. I also tried ESET online scanner without any success. I will post the logs that are requested. Thank you in advance for any help you can give.

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5234

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/2/2010 3:50:36 PM
    mbam-log-2010-12-02 (15-50-36).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 187513
    Time elapsed: 1 hour(s), 8 minute(s), 20 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ==============================

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-27.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/2/2005 6:31:00 PM
    System Uptime: 12/2/2010 1:13:16 PM (3 hours ago)

    Motherboard: Dell Computer Corp. | | 0R8060
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 70 GiB total, 58.687 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    Adobe Flash Player 10 Plugin
    Adobe Shockwave Player 11.5
    Advanced SystemCare 3
    Apple Application Support
    Apple Software Update
    AVG 2011
    Banctec Service Agreement
    BellSouth Application Management
    Big City Adventure - Sydney Australia
    Blue Coat® K9 Web Protection 4.0.296
    CCleaner
    Championship Mah Jongg
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Dell Driver Reset Tool
    Dell Photo AIO Printer 962
    Dell Picture Studio v3.0
    Dell Support Center
    Dell System Restore
    DellSupport
    Foxit Creator
    Foxit Reader
    Frontline Registry Cleaner
    HiJackThis
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hoyle Casino 6
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Photo Album 5
    Jasc Paint Shop Pro 8 Dell Edition
    Jasc Paint Shop Pro Studio, Dell Editon
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 22
    LogMeIn
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Basic Edition 2003
    Microsoft Picture It! Library 10
    Microsoft Picture It! Premium 10
    Microsoft Plus! Photo Story 2 LE
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Word 2002
    Microsoft Works
    Microsoft Works 2005 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    Mozilla Firefox (3.6.12)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multi Virus Cleaner 2009
    Print to Fax
    QuickTime
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Spybot - Search & Destroy
    SUPERAntiSpyware
    Sweet Tooth To Go 1.1
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinPoker 6
    Works Upgrade
    YOU DON'T KNOW JACK Volume 2

    ==== Event Viewer Messages From Past Week ========

    12/2/2010 8:31:28 AM, error: Service Control Manager [7022] - The AVGIDSAgent service hung on starting.
    12/2/2010 12:17:55 PM, error: Service Control Manager [7034] - The Fax service terminated unexpectedly. It has done this 1 time(s).
    12/2/2010 12:05:45 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Lavasoft Ad-Aware Service service, but this action failed with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    12/2/2010 12:05:29 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    12/2/2010 1:14:53 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
    12/2/2010 1:14:34 PM, error: SRService [104] - The System Restore initialization process failed.
    12/1/2010 9:30:04 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The McciCMService service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The LMIGuardianSvc service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The dlbx_device service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 8:17:27 PM, error: Service Control Manager [7034] - The Blue Coat K9 Web Protection service terminated unexpectedly. It has done this 1 time(s).
    12/1/2010 8:17:11 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    12/1/2010 6:39:26 PM, error: Print [6161] - The document Test Page owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 1035464. Number of bytes printed: 1035464. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
    12/1/2010 3:02:45 PM, error: Print [6161] - The document Owner Link - Pay Online Rec... owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 357984. Number of bytes printed: 357984. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
    12/1/2010 3:00:44 PM, error: Print [6161] - The document Owner Link - Pay Online Rec... owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 357772. Number of bytes printed: 357772. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
    11/28/2010 9:54:16 AM, error: Print [6161] - The document https://www.spservicing.com/services/customer/ezpay/EZPayReceip owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 549357. Number of bytes printed: 549357. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).
    11/28/2010 9:48:27 AM, error: Print [6161] - The document https://www.spservicing.com/services/customer/ezpay/EZPayReceip owned by Barbara failed to print on printer Dell Photo AIO Printer 962. Data type: LEMF. Size of the spool file in bytes: 560128. Number of bytes printed: 560128. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\D7160M71. Win32 error code returned by the print processor: 6 (0x6).

    ==== End Of File ===========================
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:22:21 PM, on 12/2/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [DLBXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe

    --
    End of file - 2659 bytes


    DDS (Ver_10-11-27.01) - NTFSx86
    Run by Barbara at 16:22:19.40 on Thu 12/02/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.151 [GMT -5:00]

    AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    ============== Running Processes ===============

    C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\Program Files\AVG\AVG10\avgwdsvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\AVG\AVG10\avgtray.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\system32\dlbxcoms.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Barbara\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
    TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
    TB: {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No File
    TB: {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No File
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [dlbxmon.exe] "c:\program files\dell photo aio printer 962\dlbxmon.exe"
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [DLBXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBXtime.dll,_RunDLLEntry@16
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mPolicies-explorer: NoPopUpsOnBoot = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LMIinit - LMIinit.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\barbara\applic~1\mozilla\firefox\profiles\s7ugm6t7.default\
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Extension: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

    ============= SERVICES / DRIVERS ===============

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 249424]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 299984]
    R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [2009-12-11 74088]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-10 6127184]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
    R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\blue coat k9 web protection\k9filter.exe [2009-12-11 1078632]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-9-29 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-8-4 47640]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================

    2010-12-02 18:49:35 -------- d-----w- c:\program files\AxBx
    2010-12-02 18:30:21 -------- d-----w- c:\program files\IObit
    2010-12-02 18:30:21 -------- d-----w- c:\docume~1\barbara\applic~1\IObit
    2010-12-02 05:34:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\FrontLine Registry Cleaner
    2010-12-02 05:33:47 -------- d-----w- c:\program files\Frontline Registry Cleaner
    2010-12-01 17:00:49 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
    2010-12-01 17:00:49 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
    2010-12-01 17:00:49 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
    2010-12-01 17:00:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
    2010-12-01 17:00:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
    2010-12-01 17:00:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
    2010-12-01 17:00:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
    2010-12-01 17:00:48 159744 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
    2010-12-01 16:57:04 -------- d-----w- c:\docume~1\barbara\locals~1\applic~1\Apple
    2010-12-01 16:56:30 -------- d-----w- c:\docume~1\barbara\locals~1\applic~1\Apple Computer
    2010-12-01 16:42:26 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2010-12-01 16:29:02 -------- d-----w- c:\docume~1\barbara\locals~1\applic~1\Mozilla
    2010-12-01 15:19:20 -------- d-----w- c:\docume~1\barbara\applic~1\AVG10
    2010-12-01 15:15:07 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
    2010-12-01 15:10:28 -------- d-----w- c:\windows\system32\drivers\AVG
    2010-12-01 15:10:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
    2010-12-01 15:04:26 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
    2010-12-01 14:49:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
    2010-12-01 14:45:00 -------- d-----w- c:\docume~1\barbara\applic~1\SUPERAntiSpyware.com
    2010-11-29 20:14:21 -------- d-----w- c:\docume~1\barbara\locals~1\applic~1\Temp
    2010-11-10 03:20:58 299984 ----a-w- c:\windows\system32\drivers\avgtdix.sys

    ==================== Find3M ====================

    2010-09-29 22:31:14 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-09-29 22:31:14 53632 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
    2010-09-29 22:31:13 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-09-29 22:31:13 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

    ============= FINISH: 16:23:25.34 ===============
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-12-02 19:41:20
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080L0 rev.YAR41BW0
    Running: p8lk4luq.exe; Driver: C:\DOCUME~1\Barbara\LOCALS~1\Temp\fgroapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xEF5746C0]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEBC57620]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xEF574810]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xEF5748B0]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!ZwYieldExecution + 25E 804E4AB8 2 Bytes [C0, 46]
    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7E8CF80]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip bckd.sys (Blue Coat Web Filter driver/Blue Coat Systems, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp bckd.sys (Blue Coat Web Filter driver/Blue Coat Systems, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp bckd.sys (Blue Coat Web Filter driver/Blue Coat Systems, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \FileSystem\Fastfat \Fat B9838D20

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

    ---- EOF - GMER 1.0.15 ----
     
  2. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    MBR Check incase it's needed

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Home Edition
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 131):
    0x804D7000 \WINDOWS\system32\ntoskrnl.exe
    0x806FF000 \WINDOWS\system32\hal.dll
    0xF8A38000 \WINDOWS\system32\KDCOM.DLL
    0xF8948000 \WINDOWS\system32\BOOTVID.dll
    0xF84E9000 ACPI.sys
    0xF8A3A000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xF84D8000 pci.sys
    0xF8538000 isapnp.sys
    0xF8B00000 pciide.sys
    0xF87B8000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xF8A3C000 intelide.sys
    0xF8548000 MountMgr.sys
    0xF84B9000 ftdisk.sys
    0xF87C0000 PartMgr.sys
    0xF8558000 VolSnap.sys
    0xF84A1000 atapi.sys
    0xF8568000 disk.sys
    0xF8578000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xF8481000 fltmgr.sys
    0xF87C8000 PxHelp20.sys
    0xF846A000 KSecDD.sys
    0xF83DD000 Ntfs.sys
    0xF83B0000 NDIS.sys
    0xF8396000 Mup.sys
    0xF87D0000 avgrkx86.sys
    0xF8588000 AVGIDSEH.Sys
    0xF86E8000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xF8168000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xF8154000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xF8828000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xF8130000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xF8830000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xF80FC000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
    0xF80D9000 \SystemRoot\system32\DRIVERS\ks.sys
    0xF7FDA000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
    0xF7F33000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xF8838000 \SystemRoot\System32\Drivers\Modem.SYS
    0xF8840000 \SystemRoot\system32\DRIVERS\fdc.sys
    0xF86F8000 \SystemRoot\system32\DRIVERS\serial.sys
    0xF8A30000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xF7F1F000 \SystemRoot\system32\DRIVERS\parport.sys
    0xF8708000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xF8718000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xF7EDF000 \SystemRoot\system32\drivers\smwdm.sys
    0xF7EBB000 \SystemRoot\system32\drivers\portcls.sys
    0xF8728000 \SystemRoot\system32\drivers\drmk.sys
    0xF7E08000 \SystemRoot\system32\drivers\senfilt.sys
    0xF8BF2000 \SystemRoot\system32\DRIVERS\lmimirr.sys
    0xF8BF3000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xF8738000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xF8372000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xF7DF1000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xF8748000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xF8758000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xF8848000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xF7DE0000 \SystemRoot\system32\DRIVERS\psched.sys
    0xF8768000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xF8850000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xF8858000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xF8778000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xF8860000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xF8868000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xF8A64000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xF7D82000 \SystemRoot\system32\DRIVERS\update.sys
    0xF8366000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xF8638000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xF8688000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xF8A8E000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xF82CA000 \SystemRoot\system32\drivers\MODEMCSA.sys
    0xF82BA000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xF88C8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xF7C06000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
    0xEF2FF000 \SystemRoot\system32\DRIVERS\usbscan.sys
    0xEE3C7000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xF8AD4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xF8C3A000 \SystemRoot\System32\Drivers\Null.SYS
    0xF8AD6000 \SystemRoot\System32\Drivers\Beep.SYS
    0xEE3B7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xEE3AF000 \SystemRoot\System32\drivers\vga.sys
    0xF8AD8000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xF8ADA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xEE3A7000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xEE39F000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xEF2F3000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xECCDE000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xECC85000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xECC70000 \SystemRoot\system32\drivers\bckd.sys
    0xECC28000 \SystemRoot\system32\DRIVERS\avgtdix.sys
    0xECC02000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xF85F8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xEF2E7000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xF8618000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xEBFFD000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xEBC91000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xEBC6F000 \SystemRoot\System32\drivers\afd.sys
    0xECE7A000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xEBC4D000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    0xEBD42000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0xEBC22000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xEBBB2000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xF7BD6000 \SystemRoot\System32\Drivers\Fips.SYS
    0xEBFF5000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xEBB76000 \SystemRoot\system32\DRIVERS\avgldx86.sys
    0xEF5E2000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xECE0A000 \SystemRoot\System32\drivers\Dxapi.sys
    0xEDE72000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xF8B33000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF020000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF042000 \SystemRoot\System32\ialmdev5.DLL
    0xBF077000 \SystemRoot\System32\ialmdd5.DLL
    0xBA7C4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xBA693000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xEF572000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
    0xF8A56000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
    0xBA606000 \SystemRoot\system32\drivers\wdmaud.sys
    0xF8788000 \SystemRoot\system32\drivers\sysaudio.sys
    0xBA3C8000 \SystemRoot\system32\DRIVERS\srv.sys
    0xF8AD2000 \??\C:\Program Files\LogMeIn\x86\RaInfo.sys
    0xEF592000 \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    0xBA62F000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xBA576000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
    0xBA148000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
    0xB9855000 \??\C:\DOCUME~1\Barbara\LOCALS~1\Temp\fgroapog.sys
    0xB9831000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB97E0000 \SystemRoot\system32\DRIVERS\e100b325.sys
    0xBF159000 \SystemRoot\System32\lmimirr.dll
    0xBF15E000 \SystemRoot\System32\lmimirr2.dll
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 46):
    0 System Idle Process
    4 System
    392 C:\WINDOWS\system32\smss.exe
    636 csrss.exe
    660 C:\WINDOWS\system32\winlogon.exe
    708 C:\WINDOWS\system32\services.exe
    720 C:\WINDOWS\system32\lsass.exe
    880 C:\WINDOWS\system32\svchost.exe
    952 svchost.exe
    992 C:\WINDOWS\system32\svchost.exe
    1048 svchost.exe
    1076 svchost.exe
    1248 C:\WINDOWS\system32\spoolsv.exe
    1356 svchost.exe
    1392 C:\Program Files\AVG\AVG10\avgwdsvc.exe
    1404 C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    1556 C:\Program Files\Java\jre6\bin\jqs.exe
    1708 C:\WINDOWS\explorer.exe
    1776 C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    1820 C:\Program Files\LogMeIn\x86\ramaint.exe
    1888 C:\Program Files\LogMeIn\x86\LogMeIn.exe
    1924 C:\Program Files\Common Files\Motive\McciCMService.exe
    1996 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    136 C:\WINDOWS\system32\svchost.exe
    216 wdfmgr.exe
    2180 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    2216 C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exE
    2292 C:\WINDOWS\system32\hkcmd.exe
    2304 C:\WINDOWS\system32\igfxpers.exe
    2364 C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    2756 C:\Program Files\AVG\AVG10\avgtray.exe
    2796 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3408 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    3736 C:\WINDOWS\system32\dlbxcoms.exe
    2040 alg.exe
    1664 C:\WINDOWS\system32\wscntfy.exe
    3528 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    3604 C:\Program Files\Mozilla Firefox\firefox.exe
    2256 C:\Program Files\AVG\AVG10\avgemcx.exe
    2252 C:\Program Files\AVG\AVG10\avgnsx.exe
    3060 C:\Program Files\AVG\AVG10\avgchsvx.exe
    3692 C:\Program Files\AVG\AVG10\avgrsx.exe
    2528 C:\Program Files\AVG\AVG10\avgcsrvx.exe
    3280 C:\Program Files\LogMeIn\x86\LogMeIn.exe
    3716 C:\WINDOWS\system32\igfxsrvc.exe
    1724 C:\Documents and Settings\Barbara\My Documents\Downloads\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

    PhysicalDrive0 Model Number: Maxtor6Y080L0, Rev: YAR41BW0

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Dell MBR code detected
    SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


    Done!
     
  3. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    Please, uninstall Frontline Registry Cleaner...

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ===================================================================

    Does IE work fine?

    Close Firefox. Go Start>All Programs>Mozilla Firefox, click on Mozilla Firefox (safe mode). Same issue?

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  4. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    Thank you for the help.

    I removed Frontline like you recommended. My Father-in-law was using IE before I changed him to Firefox with the same results. I just tried in safemode and it was still slow/unresponsive. I am trying to get that CPU to download combofix right now. I attempted to run a version of combofix earlier in the day and it wouldn't with AVG. Even when I disabled AVG. Maybe this version will be different. I'll let you know if I can run it.
     
  5. Broni

    Broni Malware Annihilator Posts: 47,156   +264

  6. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    I just attempted to run Combofix and I got the same error message about not working with AVG. Please Advise.
     
  7. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    I've used AVG for the past 5 years would you recommend that I change to AVAST or AVIRA?
     
  8. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Did you read my previous reply?
     
  9. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    Yeah I am trying to download the file now. Every time I open a window and type in an address it STOPS. So hopefully a reboot will do the trick.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    OK..............
     
  11. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    ComboFix 10-12-02.04 - Barbara 12/03/2010 1:19.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.228 [GMT -5:00]
    Running from: c:\documents and settings\Barbara\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\tmp.reg

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))
    .

    2010-12-02 23:12 . 2010-12-02 23:13 -------- d-----w- c:\documents and settings\Administrator
    2010-12-02 18:30 . 2010-12-02 18:30 -------- d-----w- c:\program files\IObit
    2010-12-02 18:30 . 2010-12-02 18:30 -------- d-----w- c:\documents and settings\Barbara\Application Data\IObit
    2010-12-02 05:34 . 2010-12-02 05:34 -------- d-----w- c:\documents and settings\All Users\Application Data\FrontLine Registry Cleaner
    2010-12-02 05:33 . 2010-12-03 05:11 -------- d-----w- c:\program files\Frontline Registry Cleaner
    2010-12-01 17:00 . 2010-12-01 17:00 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
    2010-12-01 16:59 . 2010-12-01 17:00 -------- d-----w- c:\program files\QuickTime
    2010-12-01 16:59 . 2010-12-01 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-12-01 16:57 . 2010-12-01 16:57 -------- d-----w- c:\program files\Common Files\Apple
    2010-12-01 16:57 . 2010-12-01 16:57 -------- d-----w- c:\documents and settings\Barbara\Local Settings\Application Data\Apple
    2010-12-01 16:56 . 2010-12-01 16:56 -------- d-----w- c:\program files\Apple Software Update
    2010-12-01 16:56 . 2010-12-01 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-12-01 16:56 . 2010-12-01 16:56 -------- d-----w- c:\documents and settings\Barbara\Local Settings\Application Data\Apple Computer
    2010-12-01 16:29 . 2010-12-01 16:29 -------- d-----w- c:\documents and settings\Barbara\Local Settings\Application Data\Mozilla
    2010-12-01 15:19 . 2010-12-01 15:19 -------- d-----w- c:\documents and settings\Barbara\Application Data\AVG10
    2010-12-01 15:15 . 2010-12-01 15:15 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
    2010-12-01 15:04 . 2010-12-03 06:10 -------- d-----w- c:\program files\Blue Coat K9 Web Protection
    2010-12-01 14:49 . 2010-12-01 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2010-12-01 14:45 . 2010-12-01 14:45 -------- d-----w- c:\documents and settings\Barbara\Application Data\SUPERAntiSpyware.com
    2010-11-29 23:45 . 2010-11-29 23:45 -------- d-sh--w- c:\documents and settings\LogMeInRemoteUser\IETldCache
    2010-11-29 20:14 . 2010-11-29 20:16 -------- d-----w- c:\documents and settings\Barbara\Local Settings\Application Data\Temp
    2010-11-29 20:14 . 2010-11-29 20:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-11-29 20:09 . 2010-11-29 20:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-29 22:42 . 2009-04-05 00:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-29 22:42 . 2009-04-05 00:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-29 22:31 . 2008-08-04 15:07 53632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
    2010-09-29 22:31 . 2008-08-04 15:07 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2010-09-29 22:31 . 2008-08-04 15:07 29568 ----a-w- c:\windows\system32\LMIport.dll
    2010-09-29 22:31 . 2008-08-04 15:07 87424 ----a-w- c:\windows\system32\LMIinit.dll
    2010-09-18 16:23 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
    2010-09-18 06:53 . 2004-08-10 17:51 974848 ----a-w- c:\windows\system32\mfc42.dll
    2010-09-18 06:53 . 2004-08-10 17:51 954368 ----a-w- c:\windows\system32\mfc40.dll
    2010-09-18 06:53 . 2004-08-10 17:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
    2010-09-15 09:50 . 2010-09-10 00:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 07:29 . 2009-04-05 07:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-09-10 05:58 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-10 05:58 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-10 05:58 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-10 05:40 . 2010-09-10 05:40 388096 ----a-r- c:\documents and settings\Barbara\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-22 2424560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
    "dlbxmon.exe"="c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe" [2005-01-18 425984]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
    "DLBXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll" [2004-12-07 69632]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoPopUpsOnBoot"= 1 (0x1)
    "NoActiveDesktop"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2010-09-29 22:31 87424 ----a-w- c:\windows\system32\LMIinit.dll
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
    2007-11-15 14:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSCD_Creator]
    2005-03-18 20:02 107520 ----a-w- c:\dell\MEDIAEXE\PreODM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 15:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=

    R1 bckd;bckd;c:\windows\system32\drivers\bckd.sys [12/11/2009 5:52 PM 74088]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    R2 bckwfs;Blue Coat K9 Web Protection;c:\program files\Blue Coat K9 Web Protection\k9filter.exe [12/11/2009 5:52 PM 1078632]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9/29/2010 5:38 PM 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 5:46 PM 12856]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    FF - ProfilePath - c:\documents and settings\Barbara\Application Data\Mozilla\Firefox\Profiles\s7ugm6t7.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(644)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2010-12-03 01:28:56
    ComboFix-quarantined-files.txt 2010-12-03 06:28

    Pre-Run: 63,432,110,080 bytes free
    Post-Run: 63,389,474,816 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 733FE0610A0BF6F2321DE7AD1F064D39
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Looks good :)

    Now, you can reinstall your AV program.
    I'd suggest, dropping AVG and installing Avast, or Avira instead, but it's up to you.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    I haven't been able to install OTL yet because the computer is still acting up. As soon as I get a window open I'll post a log.
     
  14. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    Just to keep you updated. Even my first page is taking a long time to pop up now.
     
  15. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    OTL Extras logfile created on: 12/3/2010 8:08:44 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Barbara\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 295.00 Mb Available Physical Memory | 58.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.35 Gb Total Space | 58.58 Gb Free Space | 83.27% Space Free | Partition Type: NTFS

    Computer Name: D7160M71 | User Name: Barbara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Alcatel-Lucent)
    "C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
    "{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel(R) PROSet for Wired Connections
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
    "{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
    "{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011
    "{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A23061AF-5361-433C-B7F0-CE5F79A22C49}" = AVG 2011
    "{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B874E63E-ED0B-49E3-B8D7-C4A31D84E697}" = Championship Mah Jongg
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
    "{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{ED0042CA-CBEA-4ADF-B262-FE0518AF2221}" = LogMeIn
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AVG" = AVG 2011
    "BellSouth Application Management" = BellSouth Application Management
    "Big City Adventure - Sydney Australia" = Big City Adventure - Sydney Australia
    "Blue Coat K9 Web Protection" = Blue Coat® K9 Web Protection 4.0.296
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Dell Photo AIO Printer 962" = Dell Photo AIO Printer 962
    "Foxit Creator" = Foxit Creator
    "Foxit Reader" = Foxit Reader
    "Hoyle Casino 6" = Hoyle Casino 6
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PictureItPrem_v10" = Microsoft Picture It! Premium 10
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "Sweet Tooth To Go 1.1" = Sweet Tooth To Go 1.1
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinPoker6" = WinPoker 6
    "Works2005Setup" = Microsoft Works 2005 Setup Launcher
    "YDKJV2" = YOU DON'T KNOW JACK Volume 2

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/4/2009 10:37:36 AM | Computer Name = D7160M71 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/4/2009 10:37:38 AM | Computer Name = D7160M71 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/4/2009 10:37:38 AM | Computer Name = D7160M71 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 10/17/2009 7:02:22 PM | Computer Name = D7160M71 | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 12/2/2010 7:23:27 PM | Computer Name = D7160M71 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 12/2/2010 7:24:11 PM | Computer Name = D7160M71 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/2/2010 7:26:34 PM | Computer Name = D7160M71 | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 12/2/2010 7:27:39 PM | Computer Name = D7160M71 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2

    Error - 12/2/2010 7:45:44 PM | Computer Name = D7160M71 | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 12/2/2010 7:46:30 PM | Computer Name = D7160M71 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2

    Error - 12/3/2010 1:58:29 AM | Computer Name = D7160M71 | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 12/3/2010 2:00:18 AM | Computer Name = D7160M71 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2

    Error - 12/3/2010 2:09:14 AM | Computer Name = D7160M71 | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 12/3/2010 2:09:24 AM | Computer Name = D7160M71 | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2


    < End of report >
     
  16. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    OTL logfile created on: 12/3/2010 8:08:44 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Barbara\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 295.00 Mb Available Physical Memory | 58.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 70.35 Gb Total Space | 58.58 Gb Free Space | 83.27% Space Free | Partition Type: NTFS

    Computer Name: D7160M71 | User Name: Barbara | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/03 20:07:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barbara\My Documents\Downloads\OTL.exe
    PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
    PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2010/09/29 17:31:32 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
    PRC - [2010/09/23 15:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    PRC - [2009/12/11 17:52:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe
    PRC - [2008/07/24 17:46:10 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    PRC - [2008/07/24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
    PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/01/18 09:57:22 | 000,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exE
    PRC - [2004/12/16 10:26:58 | 000,462,848 | ---- | M] (Dell) -- C:\WINDOWS\system32\dlbxcoms.exe
    PRC - [2004/10/14 19:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/03 20:07:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Barbara\My Documents\Downloads\OTL.exe
    MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2010/09/29 17:31:32 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
    SRV - [2010/09/23 15:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
    SRV - [2009/12/11 17:52:52 | 001,078,632 | ---- | M] (Blue Coat Systems, Inc.) [Auto | Running] -- C:\Program Files\Blue Coat K9 Web Protection\k9filter.exe -- (bckwfs)
    SRV - [2008/07/24 17:46:10 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
    SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
    SRV - [2004/12/16 10:26:58 | 000,462,848 | ---- | M] (Dell) [On_Demand | Running] -- C:\WINDOWS\System32\dlbxcoms.exe -- (dlbx_device)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Barbara\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010/09/29 17:31:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
    DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/08/19 20:42:38 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010/08/19 20:42:36 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/08/19 20:42:34 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2009/12/11 17:52:52 | 000,074,088 | ---- | M] (Blue Coat Systems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\bckd.sys -- (bckd)
    DRV - [2009/09/04 12:46:04 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2009/09/04 12:46:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2008/07/24 17:46:12 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
    DRV - [2008/07/24 17:46:10 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
    DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/11/17 21:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 21:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 21:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/03 01:43:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/02 11:25:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/01 12:00:49 | 000,000,000 | ---D | M]

    [2010/12/01 11:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Mozilla\Extensions
    [2009/11/06 12:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/12/01 11:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\Mozilla\Firefox\Profiles\s7ugm6t7.default\extensions
    [2010/12/03 19:06:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/01 11:42:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/12/03 01:25:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [DLBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL ()
    O4 - HKLM..\Run: [dlbxmon.exe] C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe (Dell)
    O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPopUpsOnBoot = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.74.166 68.87.68.166
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Barbara\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Barbara\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/03 01:42:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/12/03 01:42:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2010/12/03 01:35:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/12/03 01:17:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/12/03 01:15:17 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/12/03 00:31:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Barbara\Recent
    [2010/12/02 13:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2010/12/02 13:30:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barbara\Application Data\IObit
    [2010/12/02 11:07:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/02 00:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
    [2010/12/02 00:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Frontline Registry Cleaner
    [2010/12/01 11:59:24 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/12/01 11:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010/12/01 11:57:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/12/01 11:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barbara\Local Settings\Application Data\Apple
    [2010/12/01 11:56:46 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/12/01 11:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2010/12/01 11:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barbara\Local Settings\Application Data\Apple Computer
    [2010/12/01 11:37:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barbara\My Documents\Downloads
    [2010/12/01 11:29:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barbara\Local Settings\Application Data\Mozilla
    [2010/12/01 11:28:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/12/01 10:26:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
    [2010/12/01 10:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barbara\Application Data\AVG10
    [2010/12/01 10:15:07 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/12/01 10:04:26 | 000,000,000 | ---D | C] -- C:\Program Files\Blue Coat K9 Web Protection
    [2010/12/01 09:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/11/29 15:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Barbara\Local Settings\Application Data\Temp
    [2010/11/29 15:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/11/29 15:09:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/11/09 22:20:58 | 000,299,984 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys

    ========== Files - Modified Within 30 Days ==========

    [2010/12/03 19:58:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/12/03 19:56:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/12/03 19:56:21 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/03 08:17:20 | 100,856,596 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2010/12/03 01:47:02 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2010/12/03 01:25:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/12/03 01:18:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/12/03 01:14:30 | 003,983,894 | R--- | M] () -- C:\Documents and Settings\Barbara\Desktop\ComboFix.exe
    [2010/12/02 18:34:36 | 000,001,544 | ---- | M] () -- C:\WINDOWS\dellstat.ini
    [2010/12/02 18:20:42 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\HiJackThis.lnk
    [2010/12/02 16:24:32 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\p8lk4luq.exe
    [2010/12/02 16:20:39 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\dds.scr
    [2010/12/02 13:26:52 | 000,744,853 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\PAVARK.exe
    [2010/12/01 20:03:08 | 000,000,492 | ---- | M] () -- C:\Documents and Settings\Barbara\My Documents\spider.sav
    [2010/12/01 11:28:50 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/01 11:28:50 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/12/01 10:50:19 | 000,000,000 | ---- | M] () -- C:\install.rdf
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/07 12:11:49 | 000,384,596 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/07 12:11:48 | 000,054,280 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2010/12/03 08:17:20 | 100,856,596 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2010/12/03 01:47:02 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2010/12/03 01:18:01 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/12/03 01:17:56 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/12/03 01:15:38 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/12/03 01:15:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/03 01:14:24 | 003,983,894 | R--- | C] () -- C:\Documents and Settings\Barbara\Desktop\ComboFix.exe
    [2010/12/02 18:26:19 | 534,827,008 | -HS- | C] () -- C:\hiberfil.sys
    [2010/12/02 16:24:31 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\p8lk4luq.exe
    [2010/12/02 16:20:38 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Barbara\Desktop\dds.scr
    [2010/12/01 11:28:50 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/12/01 11:28:50 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/12/01 10:50:19 | 000,000,000 | ---- | C] () -- C:\install.rdf
    [2010/10/29 20:19:53 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
    [2010/10/29 20:06:21 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winchat.ini
    [2010/01/25 11:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
    [2009/04/05 00:35:05 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Barbara\Local Settings\Application Data\fusioncache.dat
    [2009/04/04 23:20:27 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\fcfffccea_z.dll
    [2007/11/22 11:10:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2007/11/22 09:41:58 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
    [2006/11/16 05:47:55 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Barbara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/10/30 13:54:44 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2005/10/30 13:52:53 | 000,000,890 | ---- | C] () -- C:\WINDOWS\disney.ini
    [2005/06/02 20:59:29 | 000,000,324 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2005/06/02 19:31:29 | 000,027,398 | ---- | C] () -- C:\Documents and Settings\Barbara\Application Data\wklnhst.dat
    [2005/06/02 17:38:20 | 000,001,544 | ---- | C] () -- C:\WINDOWS\dellstat.ini
    [2005/05/29 13:30:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/05/29 13:17:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/05/29 12:53:40 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
    [2005/05/29 12:53:24 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/01/20 04:56:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsr.dll
    [2005/01/20 04:55:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\dlbxcur.dll
    [2005/01/20 04:55:24 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\dlbxjswr.dll
    [2005/01/20 04:54:40 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbxinsb.dll
    [2005/01/20 04:54:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dlbxcub.dll
    [2005/01/20 04:54:18 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\dlbxins.dll
    [2005/01/20 04:53:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbxcu.dll
    [2005/01/20 04:46:32 | 000,397,312 | ---- | C] () -- C:\WINDOWS\System32\dlbxutil.dll
    [2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/03/30 16:45:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbxvs.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/11/07 20:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/12/03 01:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2010/12/01 09:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2005/06/02 17:43:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2009/05/04 18:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Christmasville
    [2010/12/01 10:15:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/12/02 00:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
    [2010/05/08 12:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
    [2008/08/04 09:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2010/12/03 01:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2009/07/15 20:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2009/07/26 10:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
    [2008/02/04 18:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/06/21 17:29:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/11/07 20:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\acccore
    [2010/12/01 10:19:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\AVG10
    [2010/12/02 13:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\IObit
    [2009/11/16 15:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\LimeWire
    [2009/04/04 23:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\OfficeUpdate12
    [2009/07/15 20:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\PlayFirst
    [2009/05/04 18:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Barbara\Application Data\SpinTop

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/08/04 10:07:43 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/11/22 09:41:53 | 020,080,682 | ---- | M] () -- C:\BellSouthIW.re~
    [2010/09/10 10:10:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/03 01:18:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/12/03 01:28:57 | 000,010,523 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2005/05/29 12:59:04 | 000,004,758 | RH-- | M] () -- C:\dell.sdr
    [2010/12/03 19:17:21 | 000,013,145 | ---- | M] () -- C:\dlbx.log
    [2010/10/24 07:42:48 | 000,007,830 | ---- | M] () -- C:\dlbxscan.log
    [2010/12/03 19:56:21 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
    [2005/06/04 16:25:04 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2010/12/01 10:50:19 | 000,000,000 | ---- | M] () -- C:\install.rdf
    [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2009/11/07 20:02:41 | 000,000,356 | -H-- | M] () -- C:\IPH.PH
    [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/04/04 19:29:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/12/03 19:56:10 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2008/08/04 13:19:30 | 000,258,016 | ---- | M] () -- C:\rapport.txt
    [2005/06/02 17:43:56 | 000,000,172 | ---- | M] () -- C:\setupfax.log
    [2005/05/29 13:20:52 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
    [2007/06/03 17:14:42 | 000,000,080 | ---- | M] () -- C:\wl.err

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/10 13:03:42 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2004/12/16 10:15:10 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbxPP5C.DLL
    [2010/09/29 17:31:14 | 000,053,632 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LMIproc.dll
    [2003/01/16 19:37:14 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxprint2000.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    [1 C:\WINDOWS\System32\config\*.tmp files -> C:\WINDOWS\System32\config\*.tmp -> ]

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/04/04 19:40:14 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2005/06/02 17:33:57 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2004/08/10 13:08:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Barbara\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/03 01:14:30 | 003,983,894 | R--- | M] () -- C:\Documents and Settings\Barbara\Desktop\ComboFix.exe
    [2010/12/02 16:24:32 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\p8lk4luq.exe
    [2010/12/02 13:26:52 | 000,744,853 | ---- | M] () -- C:\Documents and Settings\Barbara\Desktop\PAVARK.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/03/20 20:00:57 | 027,386,256 | ---- | M] ( ) -- C:\Documents and Settings\Barbara\My Documents\AdbeRdr930_en_US.exe

    < %USERPROFILE%\*.exe >
    [2009/04/04 20:53:24 | 000,721,912 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Barbara\gotomypc_428.exe

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2005/06/02 17:33:56 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Barbara\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/03/22 08:34:36 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Barbara\Cookies\desktop.ini
    [2010/12/03 19:59:28 | 000,245,760 | -HS- | M] () -- C:\Documents and Settings\Barbara\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/09/15 12:27:54 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 01:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 01:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 01:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Barbara\Desktop\PAVARK.exe:License
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870EB3F5
    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7776B809

    < End of report >
     
  17. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Please, explain.

    =========================================================================

    Your computer would run much better, if you added another 512MB of RAM.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - No CLSID value found.
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
      O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/...ndows-i586.cab (Reg Error: Value error.)
      [2010/12/02 00:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
      [2010/12/02 00:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Frontline Registry Cleaner
      @Alternate Data Stream - 20 bytes -> C:\Documents and Settings\Barbara\Desktop\PAVARK.exe:License
      @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870EB3F5
      @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7776B809
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  18. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    When I said that the computer was acting up, I meant that I can't consistently open firefox or ie windows. My homepage is Google. When I click on Firefox it slowly opens to Google. Once I type in a new address the computer just hangs. The CPU Resources have been low, nowhere near 100%.
     
  19. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29}\ not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
    C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner folder moved successfully.
    C:\Program Files\Frontline Registry Cleaner\RegistryDefrag\Backup folder moved successfully.
    C:\Program Files\Frontline Registry Cleaner\RegistryDefrag folder moved successfully.
    C:\Program Files\Frontline Registry Cleaner\Backup folder moved successfully.
    C:\Program Files\Frontline Registry Cleaner folder moved successfully.
    ADS C:\Documents and Settings\Barbara\Desktop\PAVARK.exe:License deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:870EB3F5 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:7776B809 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Barbara
    ->Temp folder emptied: 11683 bytes
    ->Temporary Internet Files folder emptied: 231291 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 49868441 bytes
    ->Flash cache emptied: 456 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 816 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 15488643 bytes

    Total Files Cleaned = 63.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Barbara
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: LogMeInRemoteUser

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12032010_204526

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  20. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    Go on with other steps for now.
    Any other programs acting up, or he computer by itself?
     
  21. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    I haven't really tried to do anything else since the problems have started. I'm trying to get thru the remaining steps. Let me know if you can think of anything else. I'll post any other details as I get them.
     
  22. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    I asked some questions in my previous reply.
     
  23. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    AVG 2011
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 22
    Java 2 Runtime Environment, SE v1.4.2_03
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:


    ``````````End of Log````````````
     
  24. Broni

    Broni Malware Annihilator Posts: 47,156   +264

    You still didn't answer my questions....

    We need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
     
  25. jagsjim

    jagsjim TS Rookie Topic Starter Posts: 56

    I'll remove old version of Java once Eset is done. I'm not sure what other question you asked me besides the one about other programs working. I've opened Microsoft Word and Windows Media Player and both appear to be working fine.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.