TechSpot

Popups and lost icons

By lland
Dec 19, 2011
  1. I started getting a zillion popups, lost my desktop icons, and all start menu items were empty. I ran Malwarebytes in Safe Mode and it seems to have cleaned most of it as the popups stopped and icons and start menu items are back, but the machine is still running very slow (yes, it's an older, slower machine, but it's running slower than usual). I ran Malwarebytes, GMER, and DDS as instructed. The logs are pasted below and on the next post.

    Thanks in advance.

    LL

    * * * * *

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8394

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/18/2011 9:58:24 PM
    mbam-log-2011-12-18 (21-58-24).txt

    Scan type: Quick scan
    Objects scanned: 284790
    Time elapsed: 2 hour(s), 19 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-19 07:13:47
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HDS72404 rev.KFAO
    Running: 13muzdtb.exe; Driver: C:\DOCUME~1\Larry\LOCALS~1\Temp\fxtdapog.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF76C787E]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAB15AF3C]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF76C7BFE]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAB15AFE4]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAB15B080]
    SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAB15B11C]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB88BC360, 0x35363F, 0xE8000020]
    init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB86FFF80]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1728] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044C771 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 dvd43llh.sys (dvd43llh.sys/RIF)
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c dvd43llh.sys (dvd43llh.sys/RIF)

    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
    Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ C:\PROGRA~1\MICROS~4\Office10\OUTLCM.DLL
    Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ThreadingModel Both
    Reg HKLM\SOFTWARE\Classes\CLSID\{F65BADE8-A426-AA00-CAE7-6AD7961643FD}\LocalServer32@ "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
    Reg HKLM\SOFTWARE\Classes\CLSID\{F65BADE8-A426-AA00-CAE7-6AD7961643FD}\ProgID@ Symantec.stCallbackManager.1
    Reg HKLM\SOFTWARE\Classes\CLSID\{F65BADE8-A426-AA00-CAE7-6AD7961643FD}\TypeLib@ {51B9BCA6-4A06-11D3-B538-00902771A435}
    Reg HKLM\SOFTWARE\Classes\CLSID\{F65BADE8-A426-AA00-CAE7-6AD7961643FD}\VersionIndependentProgID@ Symantec.stCallbackManager

    ---- EOF - GMER 1.0.15 ----

    * * * * *

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by Larry at 7:15:42 on 2011-12-19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1829 [GMT -5:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
    svchost.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\Dit.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
    C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
    C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Download Manager Browser Helper Object: {19c8e43b-07b3-49cb-bffc-6777b593e6f8} - c:\progra~1\common~1\fluxdvd\downlo~1\XEBDLH~1.DLL
    BHO: {1A1DAC8C-074D-440F-8707-7009A672D7D1} - No File
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {BB670D0B-5C46-40C7-B38B-40DD26987723} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    {85e0b171-04fa-11d1-b7da-00a0c90348d6}
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [Logitech Utility] Logi_MwX.Exe
    mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
    mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Dit] Dit.exe
    mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
    mRun: [nwiz] nwiz.exe /install
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Linked&In Search
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {427273CC-764E-11D3-823D-006097F90453} - hxxp://www.cmphotocenter.com/is/BPImageEditor.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxps://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
    DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coke/Coupons.cab
    DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.ritzpix.com/net/Uploader/ImageUploader3.cab
    DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.ritzpix.com/upload/FujifilmUploadClient.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
    DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.cmphotocenter.com/is/DragDropUploader.cab
    DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{2D9F8A47-EA5B-49E3-80EC-59C2384311EC} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{D63C3C3D-F2C8-4A7F-ACE6-2FBBC3DE3401} : DhcpNameServer = 192.168.0.1
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
    FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko5.dll
    FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko6.dll
    FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko7.dll
    FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko8.dll
    FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko9.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
    FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\fluxdvd\apix\NPAPIX.dll
    FF - plugin: c:\program files\common files\fluxdvd\browserintegration\NPFluxBrowserHelper.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
    FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-27 64512]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 295248]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 286736]
    R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-13 820568]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-1-24 25824]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-9 24652]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
    R3 HCW848NT;Hauppauge Win/TV;c:\windows\system32\drivers\hcw848nt.sys [2004-12-18 140440]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
    S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\drivers\avcuwfl.sys [2006-7-2 18644]
    S3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\drivers\avcuwilo.sys [2006-7-2 51166]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-4-23 17149]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
    S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [2004-12-27 15104]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-4-23 272128]
    S3 USBSAMP;Link based USB Mass Storage Driver;c:\windows\system32\drivers\ONSTOR2K.SYS [2005-1-12 33754]
    S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-12-11 239472]
    .
    =============== Created Last 30 ================
    .
    2011-12-11 03:34:46 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-11-25 23:23:42 -------- d-----w- c:\documents and settings\larry\application data\Garmin
    2011-11-25 23:23:11 -------- d-----w- c:\program files\Garmin
    2011-11-25 16:41:56 -------- d-----w- c:\documents and settings\larry\.swt
    2011-11-25 16:37:30 -------- d-----w- c:\program files\Vuze
    2011-11-25 16:37:14 -------- d-----w- c:\documents and settings\larry\local settings\application data\Vuze_Remote
    2011-11-25 16:37:12 -------- d-----w- c:\program files\Vuze_Remote
    .
    ==================== Find3M ====================
    .
    2011-12-16 23:43:49 26112 ----a-w- c:\windows\system32\userinit.exe
    2011-12-10 14:38:20 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 17:06:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-11-02 19:48:16 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-16 18:47:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2011-10-04 10:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2003-08-27 19:19:18 36963 ------w- c:\program files\common files\SM1updtr.dll
    .
    ============= FINISH: 7:20:31.32 ===============
     
  2. lland

    Final log

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/17/2004 11:05:37 PM
    System Uptime: 12/18/2011 7:29:44 PM (12 hours ago)
    .
    Motherboard: Dell Inc. | | 0CH776
    Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 370 GiB total, 143.837 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    G: is FIXED (NTFS) - 298 GiB total, 86.393 GiB free.
    Z: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2567: 9/21/2011 3:26:54 PM - System Checkpoint
    RP2568: 9/22/2011 4:07:37 PM - System Checkpoint
    RP2569: 9/23/2011 5:07:36 PM - System Checkpoint
    RP2570: 9/24/2011 10:42:43 AM - Installed AVG 2012
    RP2571: 9/24/2011 10:42:55 AM - Removed AVG 2011
    RP2572: 9/24/2011 10:43:39 AM - Installed AVG 2012
    RP2573: 9/24/2011 10:49:29 AM - Removed AVG 2011
    RP2574: 9/25/2011 12:02:06 PM - System Checkpoint
    RP2575: 9/26/2011 12:49:08 PM - System Checkpoint
    RP2576: 9/27/2011 1:49:07 PM - System Checkpoint
    RP2577: 9/28/2011 7:45:59 PM - System Checkpoint
    RP2578: 9/29/2011 3:00:20 AM - Software Distribution Service 3.0
    RP2579: 9/30/2011 3:59:38 AM - System Checkpoint
    RP2580: 10/1/2011 4:59:26 AM - System Checkpoint
    RP2581: 10/2/2011 5:59:29 AM - System Checkpoint
    RP2582: 10/3/2011 6:59:26 AM - System Checkpoint
    RP2583: 10/4/2011 7:59:28 AM - System Checkpoint
    RP2584: 10/5/2011 8:59:26 AM - System Checkpoint
    RP2585: 10/6/2011 9:59:25 AM - System Checkpoint
    RP2586: 10/7/2011 11:00:11 AM - System Checkpoint
    RP2587: 10/8/2011 11:05:06 AM - System Checkpoint
    RP2588: 10/9/2011 12:04:58 PM - System Checkpoint
    RP2589: 10/10/2011 1:05:01 PM - System Checkpoint
    RP2590: 10/11/2011 2:04:58 PM - System Checkpoint
    RP2591: 10/12/2011 12:15:31 PM - Restore Operation
    RP2592: 10/13/2011 12:54:41 PM - System Checkpoint
    RP2593: 10/14/2011 3:00:21 AM - Software Distribution Service 3.0
    RP2594: 10/15/2011 3:02:28 AM - System Checkpoint
    RP2595: 10/16/2011 3:25:14 AM - System Checkpoint
    RP2596: 10/17/2011 4:25:42 AM - System Checkpoint
    RP2597: 10/18/2011 5:25:02 AM - System Checkpoint
    RP2598: 10/19/2011 5:56:13 AM - System Checkpoint
    RP2599: 10/20/2011 6:36:42 AM - System Checkpoint
    RP2600: 10/21/2011 7:36:40 AM - System Checkpoint
    RP2601: 10/22/2011 8:36:38 AM - System Checkpoint
    RP2602: 10/23/2011 11:31:12 PM - System Checkpoint
    RP2603: 10/25/2011 5:48:06 AM - System Checkpoint
    RP2604: 10/26/2011 6:04:25 AM - System Checkpoint
    RP2605: 10/27/2011 7:04:25 AM - System Checkpoint
    RP2606: 10/28/2011 8:58:16 AM - System Checkpoint
    RP2607: 10/29/2011 9:33:47 AM - System Checkpoint
    RP2608: 10/30/2011 9:38:01 AM - System Checkpoint
    RP2609: 10/31/2011 10:38:01 AM - System Checkpoint
    RP2610: 11/1/2011 11:37:58 AM - System Checkpoint
    RP2611: 11/2/2011 12:37:59 PM - System Checkpoint
    RP2612: 11/3/2011 3:27:32 PM - System Checkpoint
    RP2613: 11/4/2011 4:56:29 PM - System Checkpoint
    RP2614: 11/5/2011 5:07:40 PM - System Checkpoint
    RP2615: 11/6/2011 5:04:13 PM - System Checkpoint
    RP2616: 11/7/2011 6:32:04 PM - System Checkpoint
    RP2617: 11/8/2011 7:04:13 PM - System Checkpoint
    RP2618: 11/8/2011 10:05:25 PM - Installed Windows Media Player 10
    RP2619: 11/8/2011 10:06:15 PM - Software Distribution Service 3.0
    RP2620: 11/9/2011 3:00:42 AM - Software Distribution Service 3.0
    RP2621: 11/10/2011 3:00:33 AM - Software Distribution Service 3.0
    RP2622: 11/11/2011 3:04:20 AM - System Checkpoint
    RP2623: 11/12/2011 3:00:33 AM - Software Distribution Service 3.0
    RP2624: 11/13/2011 3:27:57 AM - System Checkpoint
    RP2625: 11/14/2011 3:32:40 AM - System Checkpoint
    RP2626: 11/15/2011 4:32:51 AM - System Checkpoint
    RP2627: 11/16/2011 5:32:12 AM - System Checkpoint
    RP2628: 11/17/2011 5:58:55 AM - System Checkpoint
    RP2629: 11/18/2011 11:29:45 PM - System Checkpoint
    RP2630: 11/20/2011 12:16:00 AM - System Checkpoint
    RP2631: 11/21/2011 1:16:00 AM - System Checkpoint
    RP2632: 11/22/2011 2:16:55 AM - System Checkpoint
    RP2633: 11/23/2011 3:16:10 AM - System Checkpoint
    RP2634: 11/24/2011 3:20:50 AM - System Checkpoint
    RP2635: 11/25/2011 4:21:12 AM - System Checkpoint
    RP2636: 11/26/2011 4:53:42 AM - System Checkpoint
    RP2637: 11/27/2011 5:52:55 AM - System Checkpoint
    RP2638: 11/28/2011 6:36:11 AM - System Checkpoint
    RP2639: 11/29/2011 7:36:11 AM - System Checkpoint
    RP2640: 11/30/2011 8:36:07 AM - System Checkpoint
    RP2641: 12/1/2011 9:36:06 AM - System Checkpoint
    RP2642: 12/2/2011 10:36:06 AM - System Checkpoint
    RP2643: 12/3/2011 11:45:22 AM - System Checkpoint
    RP2644: 12/4/2011 12:36:07 PM - System Checkpoint
    RP2645: 12/5/2011 1:52:14 PM - System Checkpoint
    RP2646: 12/5/2011 9:13:34 PM - Restore Operation
    RP2647: 12/5/2011 9:20:12 PM - Restore Operation
    RP2648: 12/7/2011 11:54:31 AM - System Checkpoint
    RP2649: 12/8/2011 12:35:01 PM - System Checkpoint
    RP2650: 12/9/2011 1:35:01 PM - System Checkpoint
    RP2651: 12/10/2011 2:20:56 AM - Restore Operation
    RP2652: 12/10/2011 2:24:37 AM - Restore Operation
    RP2653: 12/10/2011 9:33:31 AM - Installed Ad-Aware
    RP2654: 12/10/2011 9:34:28 AM - Installed Ad-Aware
    RP2655: 12/11/2011 12:29:38 AM - Restore Operation
    RP2656: 12/16/2011 7:51:16 PM - System Checkpoint
    RP2657: 12/17/2011 3:01:33 AM - Software Distribution Service 3.0
    RP2658: 12/18/2011 3:26:04 AM - System Checkpoint
    RP2659: 12/19/2011 3:35:02 AM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    23_24_2500Tour
    2400
    2400_2500Help
    2400_2500trb
    42 Bit Scanner
    7-Zip 4.57
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Download Manager
    Adobe Flash Player 11 Plugin
    Adobe Help Center 2.0
    Adobe Photoshop Elements 4.0
    Adobe Reader 9.4.7
    Adobe Shockwave Player 11.5
    Advanced DVD Player
    AiO_Scan
    AIOMinimal
    AiOSoftware
    Amazon MP3 Downloader 1.0.3
    Anime Studio Debut 6.2
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audio User's Guide
    AVG 2012
    AVG Free 9.0
    Bing Maps 3D
    Bonjour
    Broadcom Advanced Control Suite 2
    CarChip 2.3.3
    Combat Arms
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Copy
    Creative MediaSource
    CreativeProjects
    Cypress USB Mass Storage Driver Installation
    Dell Digital Jukebox Driver
    Dell Driver Reset Tool
    Dell Networking Guide
    Digital Line Detect
    Director
    DocProc
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVD43 v4.6.0
    Epson Event Manager
    EPSON NX420 Series Printer Uninstall
    EPSON Scan
    EpsonNet Print
    EpsonNet Setup 3.2
    Fax
    Garmin USB Drivers
    Garmin WebUpdater
    GdiplusUpgrade
    Glary Utilities 2.40.0.1326
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    HandBrake 0.9.5
    Hauppauge WinTV2000
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Image Zone 3.5
    HP PSC & OfficeJet 3.5
    HP Software Update
    hpmdtab
    HPSystemDiagnostics
    HyperCam 2
    Icy Tower v1.3.1
    IHA_MessageCenter
    ImgBurn
    InstantShare
    Intel Application Accelerator
    Internet Explorer Default Page
    IObit Malware Fighter
    iTunes
    Java 2 Runtime Environment, SE v1.4.2_03
    Java Auto Updater
    Java(TM) 6 Update 2
    Java(TM) 6 Update 24
    Logitech MouseWare 9.77
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Memeo Instant Backup
    Memories Disc Creator 2.0
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office XP Professional with FrontPage
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Modem Helper
    Mozilla Firefox (3.6.24)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Multi-Card Reader & Flash Disk
    NETGEAR WG111v2 wireless USB 2.0 adapter
    Nexon Game Manager
    NVIDIA Drivers
    NVIDIA PhysX v8.10.13
    Octoshape add-in for Adobe Flash Player
    overland
    Oxelon Media Converter 1.1
    Palm Desktop
    Palm VersaMail(tm)
    Pando Media Booster
    Photo Click
    Photo Story 3 for Windows
    PhotoGallery
    PowerDVD 5.3
    Precision Link 2.6
    PrintScreen
    QFolder
    QuickProjects
    QuickTime
    Readme
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Rhapsody
    Rhapsody Player Engine
    Roll
    Safari
    Scan
    Seagate Dashboard
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SereneScene Marine Aquarium 2
    SkinsHP1
    SkinsHP2
    Skype™ 4.1
    Sonic DLA
    Sound Blaster Audigy 2 ZS
    SoundMAX
    TrayApp
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wpaiper
    TurboTax 2008 wrapper
    TurboTax 2009
    TurboTax 2009 WinPerFedFormset
    TurboTax 2009 WinPerReleaseEngine
    TurboTax 2009 WinPerTaxSupport
    TurboTax 2009 wpaiper
    TurboTax 2009 wrapper
    TurboTax 2010
    TurboTax 2010 wiliper
    TurboTax 2010 WinPerFedFormset
    TurboTax 2010 WinPerReleaseEngine
    TurboTax 2010 WinPerTaxSupport
    TurboTax 2010 wmniper
    TurboTax 2010 wpaiper
    TurboTax 2010 wrapper
    TurboTax Deluxe 2004
    TurboTax Deluxe 2005
    Unload
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB Card Reader
    USB Storage Adapter FX (SM1)
    VC 9.0 Runtime
    Ventrilo Client
    Verizon Help and Support Tool
    Viewpoint Media Player
    Virtools 3D Life Player
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Vuze
    Vuze Remote Toolbar
    Vz In Home Agent
    WebFldrs XP
    WebReg
    WexTech AnswerWorks
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR 4.01 (32-bit)
    WordPerfect Office 12
    Yahoo! Internet Mail
    Yahoo! Software Update
    Yahoo! Toolbar
    ZoneAlarm Spy Blocker
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/18/2011 7:37:25 PM, error: System Error [1003] - Error code 10000050, parameter1 e5463000, parameter2 00000000, parameter3 ad5a9e9a, parameter4 00000001.
    12/18/2011 7:30:53 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    12/16/2011 6:17:45 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    12/16/2011 6:17:11 PM, error: Print [23] - Printer Dell Photo Printer 720,0 failed to initialize because a suitable Dell Photo Printer 720 driver could not be found.
    .
    ==== End Of File ===========================
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I'll make a deal with you> I'll get those icons and programs back if you share with me what kind of popups you got! There are several different malware programs around now that hide these things. The fixes are not all the same!!
    =========================================
    Please read all of this reply before you begin.
    =========================================
    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note: This does not remove the malware itself- only the attribute that is causing the icons and programs to be 'missing'- so even if you get them back, please continue on with the cleaning.
    =================================
    I'd like you to run Combofix. You will have to uninstall AVG temporarily as Combofix won't run with it on the system. Please follow this:

    Download AppRemover and save to the desktop
    1. Double click the setup on the desktop> click Next
    2. Select “Remove Security Application”
    3. Let scan finish to determine security apps
    4. A screen like below will appear:
      [image]
    5. Click on Next after choice has been made
    6. Check the AVG program you want to uninstall
    7. After uninstall shows complete, follow online prompts to Exit the program.

    Temporary AV: Use one:
    Avira-AntiVir-Personal-Free-Antivirus
    Avast Free Version
    =============================
    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
      ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =============================================
    I would also like you to Update and rescan with Malwarebytes:
    Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

    When scan has finished, you will see this image:
    [image]
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    =================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  4. lland

    lland TS Rookie Topic Starter

    Hi Bobbye, and thanks for the help. Unfortunately, I can't tell you anything about the popups. It all happened to my son while I was out of town and when I returned, it was all I could do to get things going by running Malwarebytes Anti-Malware in safe mode, which took care of the popups. Sorry.

    I did follow your instructions. Here are the ComboFix and Malwarebytes logs:


    ComboFix 11-12-20.04 - Larry 12/20/2011 12:36:58.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1999 [GMT -5:00]
    Running from: c:\documents and settings\Larry\My Documents\Downloads\ComboFix.exe
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\-1191547543
    c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
    c:\documents and settings\All Users\Application Data\i81nxoYQ8US7nl
    c:\documents and settings\All Users\Application Data\KDih5DWlBc4o0I
    c:\documents and settings\Larry\g2mdlhlpx.exe
    c:\documents and settings\Larry\Local Settings\Application Data\assembly\tmp
    c:\documents and settings\Larry\WINDOWS
    c:\documents and settings\Sam\WINDOWS
    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\dasetup.log
    c:\windows\Downloaded Installations\BMP
    c:\windows\Downloaded Installations\BMP\{EA2E6144-0834-4704-915A-AF9FDB0D73CA}\0x0409.ini
    c:\windows\Downloaded Installations\BMP\{EA2E6144-0834-4704-915A-AF9FDB0D73CA}\1033.MST
    c:\windows\Downloaded Installations\BMP\{EA2E6144-0834-4704-915A-AF9FDB0D73CA}\BACS.msi
    c:\windows\system32\BSTIEPrintCtl1.dll
    c:\windows\system32\DC120fc7_32.dll
    c:\windows\system32\SET21.tmp
    c:\windows\system32\twain.dll
    G:\Autorun.inf
    G:\Setup.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
    .
    .
    2011-12-20 16:13 . 2011-12-20 16:15 -------- d-----w- c:\windows\LastGood
    2011-12-11 21:02 . 2011-12-11 21:05 -------- d-----w- c:\documents and settings\Matthew\Application Data\IObit
    2011-12-11 03:34 . 2011-12-10 14:38 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-12-06 02:05 . 2011-12-10 07:13 -------- d-----w- c:\documents and settings\Administrator
    2011-11-25 23:23 . 2011-11-25 23:23 -------- d-----w- c:\documents and settings\Larry\Application Data\Garmin
    2011-11-25 23:23 . 2011-11-25 23:23 -------- d-----w- c:\program files\DIFX
    2011-11-25 23:23 . 2011-11-25 23:23 -------- d-----w- c:\program files\Garmin
    2011-11-25 16:41 . 2011-11-25 16:41 -------- d-----w- c:\documents and settings\Larry\.swt
    2011-11-25 16:37 . 2011-11-25 16:37 -------- d-----w- c:\program files\Vuze
    2011-11-25 16:37 . 2011-11-25 16:37 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Vuze_Remote
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-12-16 23:43 . 2004-08-04 11:00 26112 ----a-w- c:\windows\system32\userinit.exe
    2011-12-10 14:38 . 2010-11-28 01:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-11-23 13:25 . 2004-08-04 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2004-08-04 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 17:06 . 2009-02-27 23:27 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-11-02 19:48 . 2011-11-02 19:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-11-01 16:07 . 2004-08-04 11:00 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2004-08-04 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 1980-01-01 06:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 1980-01-01 06:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13 . 2004-08-04 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-16 18:47 . 2011-05-18 01:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2004-08-04 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-09-28 07:06 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 15:41 . 2004-08-04 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 15:41 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2003-08-27 19:19 . 2004-12-19 22:13 36963 ------w- c:\program files\Common Files\SM1updtr.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    2011-05-09 08:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Logitech Utility"="Logi_MwX.Exe" [2003-05-16 19968]
    "IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
    "Dit"="Dit.exe" [2003-04-22 61440]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
    "nwiz"="nwiz.exe" [2008-12-25 1657376]
    "Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
    "Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-11 273544]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-19 113664]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 237568]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
    backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:!Documents and Settings!Larry!Local Settings!Application Data!Google!Chrome!User Data_service_run
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-09-09 05:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
    2003-06-18 07:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-08-24 00:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
    2009-12-03 15:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2005-01-12 18:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-17 03:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2011-06-11 18:48 490112 ----a-w- c:\program files\Real\realplayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
    2003-08-27 19:20 94208 ----a-r- c:\windows\SM1bg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\documents and settings\Matthew\Desktop\Combat Arms\CombatArms.exe"= c:\documents and settings\Matthew\Desktop\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\\Documents and Settings\\Matthew\\Desktop\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\Matthew\\Desktop\\Combat Arms\\Engine.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57888:TCP"= 57888:TCP:pando Media Booster
    "57888:UDP"= 57888:UDP:pando Media Booster
    "58795:TCP"= 58795:TCP:pando Media Booster
    "58795:UDP"= 58795:UDP:pando Media Booster
    "50000:UDP"= 50000:UDP:IHA_MessageCenter
    "58684:TCP"= 58684:TCP:pando Media Booster
    "58684:UDP"= 58684:UDP:pando Media Booster
    .
    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2/27/2009 6:27 PM 64512]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 286736]
    R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/13/2011 10:33 PM 820568]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [1/24/2011 1:35 PM 25824]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/9/2008 6:07 PM 24652]
    R3 HCW848NT;Hauppauge Win/TV;c:\windows\SYSTEM32\DRIVERS\hcw848nt.sys [12/18/2004 2:46 PM 140440]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
    R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
    R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
    R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 8:59 AM 135664]
    S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\SYSTEM32\DRIVERS\avcuwfl.sys [7/2/2006 8:28 PM 18644]
    S3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\SYSTEM32\DRIVERS\avcuwilo.sys [7/2/2006 8:46 PM 51166]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\DNINDIS5.sys [4/23/2009 9:11 AM 17149]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 8:59 AM 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
    S3 pmxscan;Visioneer USB Kernel;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [12/27/2004 6:08 PM 15104]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\wg111v2.sys [4/23/2009 9:05 AM 272128]
    S3 USBSAMP;Link based USB Mass Storage Driver;c:\windows\SYSTEM32\DRIVERS\ONSTOR2K.SYS [1/12/2005 5:09 PM 33754]
    S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [12/11/2011 4:05 PM 239472]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
    .
    2011-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2011-12-20 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2011-11-16 14:50]
    .
    2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:58]
    .
    2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:58]
    .
    2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224206037-3237532726-2221067861-1007Core.job
    - c:\documents and settings\Liz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 08:32]
    .
    2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224206037-3237532726-2221067861-1007UA.job
    - c:\documents and settings\Liz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 08:32]
    .
    2009-07-10 c:\windows\Tasks\NSSstub.job
    - c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-07-09 18:09]
    .
    2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2011-12-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Linked&In Search
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.cmphotocenter.com/is/DragDropUploader.cab
    FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\3l0ipfxb.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG10\Firefox
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-RunOnce-AppRemover - wscript.exe c:\docume~1\Larry\LOCALS~1\Temp\AppRemover_RunBatchSilently.vbs
    MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
    MSConfigStartUp-Google Update - c:\documents and settings\Larry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
    MSConfigStartUp-Norton SystemWorks - c:\program files\Norton SystemWorks\cfgwiz.exe
    MSConfigStartUp-RoxioDragToDisc - c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
    MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-20 12:52
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,cd,54,7e,74,85,2f,4f,8b,70,94,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,cd,54,7e,74,85,2f,4f,8b,70,94,\
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\0b\05\19\10&\07?"
    .
    Completion time: 2011-12-20 13:00:55
    ComboFix-quarantined-files.txt 2011-12-20 18:00
    .
    Pre-Run: 154,571,759,616 bytes free
    Post-Run: 162,467,037,184 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    .
    - - End Of File - - 39ED3FAC63554D81DEEF344900820642



    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8403

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/20/2011 9:59:12 PM
    mbam-log-2011-12-20 (21-59-12).txt

    Scan type: Full scan (C:\|G:\|)
    Objects scanned: 513102
    Time elapsed: 8 hour(s), 26 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
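The ComboFix log above has two sections that repay a second look before any removal script is written: the service/driver list (the `R0`/`R2`/`S3` lines) and the firewall's `GloballyOpenPorts` list. Several AVG drivers and `EagleXNt` appear in the `--> path [?]` form, which I read as ComboFix being unable to find the file the registry still points at, the usual leftover of a half-uninstalled product rather than an infection. The following Python helper is an added example, not part of this thread or of ComboFix, that parses those lines and flags such entries; the sample lines are copied from the log above, and the interpretation of `[?]` as "file not found" is my assumption about the log format.

```python
"""Triage helper for the service and firewall sections of a ComboFix log.

Added example, not ComboFix's own code. It assumes (my reading of the format)
that a service line ends in "[date time size]" when ComboFix could stat the
binary and in "--> path [?]" when it could not find it.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the log posted above (service entries and
# GloballyOpenPorts entries); any other line in a log is simply ignored.
SAMPLE_LOG = r"""
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2/27/2009 6:27 PM 64512]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/13/2011 10:33 PM 820568]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 8:59 AM 135664]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
"57888:TCP"= 57888:TCP:pando Media Booster
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"""

# R = running, S = stopped; the digit is the service's registry Start value.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);'
    r'(?P<image>.*?)\s+(?:-->\s+(?P<resolved>.*?)\s+)?\[(?P<stamp>[^\]]*)\]$'
)
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*\d+:(?:TCP|UDP):(?P<app>.*)$'
)


@dataclass
class ServiceEntry:
    name: str
    display: str
    image: str            # resolved path when ComboFix printed one, else the raw one
    running: bool
    start_type: str
    size: Optional[int]   # None when ComboFix could not stat the file
    file_missing: bool


def parse_log(text: str) -> Tuple[List[ServiceEntry], List[Tuple[int, str, str]]]:
    """Return (services, open_ports) found in ComboFix-style text."""
    services, ports = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            stamp = m["stamp"].strip()
            missing = stamp == "?"
            services.append(ServiceEntry(
                name=m["name"].strip(),
                display=m["display"].strip(),
                image=(m["resolved"] or m["image"]).strip(),
                running=m["state"] == "R",
                start_type=START_TYPES.get(int(m["start"]), m["start"]),
                # the last token of the stamp is the file size in bytes
                size=None if missing else int(stamp.rsplit(None, 1)[-1]),
                file_missing=missing,
            ))
            continue
        m = PORT_RE.match(line)
        if m:
            ports.append((int(m["port"]), m["proto"], m["app"].strip()))
    return services, ports


def missing_binaries(services: List[ServiceEntry]) -> List[ServiceEntry]:
    """Services/drivers whose registry entry survives but whose file is gone.
    Typically the debris of an incomplete uninstall (the AVG drivers above):
    worth cleaning with a Driver:: removal, but not evidence of infection."""
    return [s for s in services if s.file_missing]


if __name__ == "__main__":
    svcs, open_ports = parse_log(SAMPLE_LOG)
    for s in missing_binaries(svcs):
        print("orphaned entry:", s.name, "->", s.image)
    for port, proto, app in open_ports:
        print("open port:", port, proto, "for", app)
```

Run it over a full ComboFix.txt (`parse_log(open("ComboFix.txt").read())`) to get the same two lists for a real log; every other section passes through untouched.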
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay- so you would be 'Larry' and 'Sam' would be son? I will be writing some script for removals that will be run through Combofix. I'm going to take a lunch break now and will be back later to review the logs.

    There is a deletion in Combofix that indicated an infected flash drive may have been used. If Drive G is a removable drive, it needs to be disinfected: These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

    Please disinfect all movable drives
    1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
    3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    4. Wait until it has finished scanning and then exit the program.
    5. Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
    =================
    Tell me if you got the 'missing' icons and programs back.
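The "hidden folder named autorun.inf" that Flash_Disinfector leaves behind (and that Panda USB Vaccine creates later in this thread) is the whole trick: Windows expects autorun.inf to be a file, so a directory of that name blocks a worm from dropping a new one, as long as the worm does not go to the trouble of removing the directory first. The Python below is an added example, not the code of either tool, that shows the two halves of the job on a drive root: read out what an existing autorun.inf would launch (the `open=` / `shellexecute=` / `shell\...\command=` directives, which in the log above pointed at `G:\Setup.exe`), move it aside for analysis instead of deleting it, and then plant the blocking directory. The sample drive contents are constructed in a temp directory; the hidden/system attribute call is only made on Windows.

```python
"""Inspect and vaccinate a removable drive against autorun worms.

Added example, not Flash_Disinfector's or Panda USB Vaccine's code. It
reimplements the idea those tools rely on: quarantine any autorun.inf file,
then create a directory named autorun.inf so a dropper cannot write a new one.
"""
import ctypes
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, Optional

LAUNCH_KEYS = ("open", "shellexecute")        # plus shell\<verb>\command below


def find_autorun(drive: Path) -> Optional[Path]:
    """Case-insensitive lookup of autorun.inf (file or directory) in the drive root."""
    for entry in drive.iterdir():
        if entry.name.lower() == "autorun.inf":
            return entry
    return None


def inspect_autorun(drive: Path) -> Dict[str, str]:
    """Return {directive: command} for every launch directive in the [autorun]
    section, or {} when there is no autorun.inf file. These values are what a
    worm uses to start the copy it dropped next to the file."""
    inf = find_autorun(drive)
    if inf is None or not inf.is_file():
        return {}
    launch, section = {}, None
    for raw in inf.read_text(errors="replace").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            launch[key] = value.strip()
    return launch


def vaccinate(drive: Path, quarantine: Path) -> Path:
    """Move an existing autorun.inf file into `quarantine` (keep it, it tells you
    what was dropped), create a directory named autorun.inf in its place and, on
    Windows, mark it hidden+system. Returns the blocking directory."""
    existing = find_autorun(drive)
    if existing is not None and existing.is_dir():
        return existing                                   # already vaccinated
    if existing is not None:
        quarantine.mkdir(parents=True, exist_ok=True)
        shutil.move(str(existing), str(quarantine / "autorun.inf.quarantined"))
    block = drive / "autorun.inf"
    block.mkdir()
    if os.name == "nt":   # FILE_ATTRIBUTE_HIDDEN (0x02) | FILE_ATTRIBUTE_SYSTEM (0x04)
        ctypes.windll.kernel32.SetFileAttributesW(str(block), 0x02 | 0x04)
    return block


def run_demo() -> dict:
    """Build a constructed 'infected' drive in a temp directory and vaccinate it."""
    root = Path(tempfile.mkdtemp(prefix="usbvac_"))
    drive = root / "G"
    drive.mkdir()
    # Constructed sample: the file pair an autorun worm typically leaves behind.
    (drive / "Autorun.inf").write_text(
        "[autorun]\r\nopen=Setup.exe\r\nicon=Setup.exe,0\r\n"
        "shell\\open\\command=Setup.exe\r\n")
    (drive / "Setup.exe").write_bytes(b"MZ")
    before = inspect_autorun(drive)
    block = vaccinate(drive, root / "quarantine")
    after = inspect_autorun(drive)
    again = vaccinate(drive, root / "quarantine")
    return {
        "before": before,
        "after": after,
        "block_is_dir": block.is_dir(),
        "idempotent": again == block,
        "quarantined": (root / "quarantine" / "autorun.inf.quarantined").is_file(),
        "root": root,
    }


if __name__ == "__main__":
    print(run_demo())
```

Against a real drive, call `inspect_autorun(Path("G:/"))` first and look at what the launch directives point to; that named file (and anything it drops) is the second thing to quarantine, since the vaccination only stops the next re-infection, not the copy already on the disk.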
     
  6. lland

    lland TS Rookie Topic Starter

    Hi Robbye,

    Yes, I'm Larry, Sam is my son, and "G" is an external Seagate backup drive

    I ran Flash_Disinfector. I didn't plug any flash drive in and assumed it would disinfect "G" but the screen didn't go blank, it only took a few seconds, and didn't indicate it was cleaning "G" (or anything for that matter). Is this normal or did I miss something?

    Thanks again.

    Larry
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Holiday Notice! I will not be working on the threads Sat. Dec. 24 or Sunday Dec. 25. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
    --------------------------------
    If you have any doubt, you can run this disinfector:
    • Please download Panda USB Vaccine(you must provide valid e-mail and they will send you download link to this e-mail address) to your desktop.
    • Install and run it.
    • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
     
  8. lland

    lland TS Rookie Topic Starter

    Hi and hope you had a good few days off.

    Ran Panda Vaccine. Seemed to work as it asks to vaccinate all flash drives I plug in. A good thing!

    Larry
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I did thank you. I hope your weekend was nice.

    Please share with me what problems have been resolved since you ran the scans.

    Some of the removals in Combofix for 3kebook.ini and akebook.ini are hidden files that install with the Probot SE keylogger by NetHunter Group.
    From what I could find on Safe Sites for this program, it is not something found at the local software store. In fact, it looks like the group is in Cyprus.

    Since this is your home computer used by 3 family members, unless one of the parents have installed this to track the young one, this is not a good thing. Please let me know if the program was installed intentionally.
    =====================================
    New Holiday Notice! I will not be working on the threads Sat. Dec. 31 or Sunday Jan. 1 I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that.

    Please do not send a PM during those days.
     
  10. lland

    lland TS Rookie Topic Starter

    Actually, I think I did install that a while back but it has long outlived its usefulness. Don't remember exactly when I installed it but it was a few years ago and I'm sure I downloaded it through CNET (if that makes a difference).

    Thanks.

    LL
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please uninstall the key logger.
     
  12. lland

    lland TS Rookie Topic Starter

    Hi, I can't find any evidence of it. It won't open (not found), logs won't open (not found), search turns up nothing. Can it be that one of the earlier scans removed it?

    Suggestions?

    LL
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    My apology Larry- I am so incredibly behind!

    You are slow for several reasons:
    1. You have an excess of unnecessary programs or processes on Startup. They start on boot and run in the background, using system resources. For example, none of these need to start on boot: Printers, Media Players, Java, Adobe, Games
    2. You have an excess of Addons: 23 Active X Objects in IE.
    3. You have an excess of Firefox addons: Plugins (19), Components (14) and Extensions (7)
    4. You have multiple old versions of Java (4) and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!
      Please download JavaRa and unzip it to your desktop.
      Important!***Please close any instances of Internet Explorer before continuing!***
      • Double-click on JavaRa.exe to start the program.
      • From the drop-down menu, choose English and click on Select.
      • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
      • Click Yes when prompted. When JavaRa is done, a notice will appear that
        a logfile has been produced. Click OK.
      • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
      Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
      Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
      =====================================
    5. You have an excess of Scheduled Tasks: Take a look at them, and stop most:
      Opening scheduled tasks to modify or delete them:
      Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
      [o] To delete a task> right-click the task> click Delete.
      c:\windows\Tasks\RealUpgradeLogonTask (3 tasks set)
      c:\windows\Tasks\RealUpgradeScheduledTasks (3 tasks set)
      c:\windows\Tasks\GlaryInitialize
      ======================================
    6. You had/have 4 antivirus processes running: Norton, McAfee, AVG, AdWatch AV. Not only is this 3 too many AV, but it makes the system more vulnerable and slows it down. Anytime you want to change the AV, you should run the uninstaller for the program and delete the program folder.
    ======================================
    It would be interesting to know how much RAM is installed. No matter how much malware is removed, if the above excesses are stopped, your system is going to be slow.

    Please go on to next reply.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    When finished with previous reply, please do the following:

    1. To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ==========================================
    2. Download CKScanner and save to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
    3. Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\program files\viewpoint\common\ViewpointService.exe
    DDS::
    c:\program files\Vuze
    c:\documents and settings\Larry\Local Settings\Application Data\Vuze_Remote
    uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
    TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: {BB670D0B-5C46-40C7-B38B-40DD26987723} - No File
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    {85e0b171-04fa-11d1-b7da-00a0c90348d6}
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    IE: Linked&In Search
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
    [HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
    Clearjavacache::
    Driver::
    Viewpoint Manager Service
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
    ====================
    Please leave logs in next reply.
     
  15. lland

    lland TS Rookie Topic Starter

    Hi Bobbye,

    No need to apologize for any delay. It was a few days and just wanted to know if we were finished or not (apparently not).

    OK, here's what I've done:

    1. Disabled most startup programs and processes.
    2. Disabled most Firefox and IE addons, plugins, components, and extensions.
    3. Ran JavaRa, deleted old versions, and downloaded the most current version of Java.
    4. Disabled almost all scheduled tasks.
    5. Couldn't find McAfee or Norton in my programs, startup, or Control Panel Add/Delete programs but deleted their respective folders (any suggestions as to how to get rid of these would be appreciated).
    6. Disabled AdWatch Live (left AVG AV alone).
    7. System is running 3.0GB RAM. Max is 4.0 (old system), should I go for it? It's certainly cheap enough.
    8. Ran ESETOnline. It didn't find anything and therefore didn't produce a log.
    9. Ran CKScanner - Log (CKFILES.TXT) posted below.
    10. Dragged CFScript into ComboFix and ran it - Log (COMBOFIX010712.TXT) posted below.

    Once again, I thank you for all you've done.

    * * * * *

    CKFILES.TXT>>>> Edit by Bobbye> there is no log for this

    2nd Edit: Copy of the script (COMBOFIX010712.TXT pasted into this reply after running) has been removed by Bobbye to prevent confusion.
    ------=---------------------

    ComboFix 12-01-06.03 - Larry 01/07/2012 13:10:03.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2158 [GMT -5:00]
    Running from: c:\documents and settings\Larry\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Larry\Desktop\cfscript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    FILE ::
    "c:\program files\viewpoint\common\ViewpointService.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\adobe\reader 9.0\reader\Reader_sl.exe
    c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    c:\program files\hp\digital imaging\bin\hpqtra08.exe
    c:\program files\real\realplayer\update\realsched.exe
    c:\program files\viewpoint\common\ViewpointService.exe
    c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
    c:\windows\system32\drivers\etc\hosts.ics
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_VIEWPOINT_MANAGER_SERVICE
    -------\Service_Viewpoint Manager Service
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-07 04:15 . 2012-01-07 04:15 -------- d-----w- c:\program files\ESET
    2012-01-04 00:44 . 2012-01-04 00:44 65536 ----a-r- c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
    2012-01-04 00:44 . 2012-01-04 00:44 65536 ----a-r- c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
    2012-01-04 00:44 . 2012-01-04 00:44 65536 ----a-r- c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\ARPPRODUCTICON.exe
    2011-12-26 04:33 . 2011-12-26 04:33 -------- d-----w- c:\program files\LightScribe
    2011-12-26 04:31 . 2011-12-26 04:31 -------- d-----w- c:\program files\LightScribe Template Labeler
    2011-12-26 04:29 . 2011-12-26 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
    2011-12-26 04:27 . 2011-12-26 04:28 -------- d-----w- c:\program files\Common Files\LightScribe
    2011-12-23 13:24 . 2011-12-23 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
    2011-12-23 13:24 . 2011-12-23 13:24 -------- d-----w- c:\program files\Panda USB Vaccine
    2011-12-20 18:19 . 2012-01-07 13:54 -------- d-----w- c:\windows\system32\drivers\AVG
    2011-12-11 21:02 . 2011-12-11 21:05 -------- d-----w- c:\documents and settings\Matthew\Application Data\IObit
    2011-12-11 03:34 . 2011-12-10 14:38 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-12-10 07:13 . 2011-12-10 07:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-07 03:47 . 2011-03-14 18:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-01-07 03:47 . 2008-09-16 19:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-16 23:43 . 2004-08-04 11:00 26112 ----a-w- c:\windows\system32\userinit.exe
    2011-12-10 14:38 . 2010-11-28 01:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-11-23 13:25 . 2004-08-04 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2004-08-04 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 17:06 . 2009-02-27 23:27 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-11-02 19:48 . 2011-11-02 19:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-11-01 16:07 . 2004-08-04 11:00 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2004-08-04 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 1980-01-01 06:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 1980-01-01 06:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13 . 2004-08-04 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-16 18:47 . 2011-05-18 01:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-10 14:22 . 2004-08-04 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2003-08-27 19:19 . 2004-12-19 22:13 36963 ------w- c:\program files\Common Files\SM1updtr.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-20_17.52.39 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-12 06:07 . 2009-07-12 06:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
    + 2009-07-12 06:19 . 2009-07-12 06:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
    + 2012-01-07 04:28 . 2012-01-07 04:28 16384 c:\windows\Temp\Perflib_Perfdata_958.dat
    + 2012-01-07 18:21 . 2012-01-07 18:21 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
    + 2011-09-13 11:30 . 2011-09-13 11:30 32592 c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys
    + 2011-08-08 11:08 . 2011-08-08 11:08 40016 c:\windows\SYSTEM32\DRIVERS\avgmfx86.sys
    + 2011-10-04 11:21 . 2011-10-04 11:21 16720 c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys
    + 2011-07-11 06:14 . 2011-07-11 06:14 24272 c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys
    + 2011-07-11 06:14 . 2011-07-11 06:14 23120 c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys
    - 2004-12-18 03:22 . 2011-12-11 21:02 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2004-12-18 03:22 . 2012-01-07 18:00 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2004-12-18 03:22 . 2012-01-07 18:00 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2004-12-18 03:22 . 2011-12-11 21:02 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2011-12-20 18:18 . 2012-01-07 18:00 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
    + 2012-01-04 00:45 . 2012-01-04 00:45 81920 c:\windows\Installer\{95468B00-C081-4B27-AC96-0A2A31359E60}\ARPPRODUCTICON.exe
    + 2012-01-04 00:45 . 2012-01-04 00:45 232912 c:\windows\SYSTEM32\Macromed\Flash\FlashUtil10k_ActiveX.exe
    + 2012-01-04 00:45 . 2012-01-04 00:45 311760 c:\windows\SYSTEM32\Macromed\Flash\FlashUtil10k_ActiveX.dll
    + 2012-01-07 03:47 . 2012-01-07 03:47 157472 c:\windows\SYSTEM32\javaws.exe
    - 2011-03-14 18:02 . 2011-03-14 18:02 157472 c:\windows\SYSTEM32\javaws.exe
    + 2012-01-07 03:47 . 2012-01-07 03:47 149280 c:\windows\SYSTEM32\javaw.exe
    + 2012-01-07 03:47 . 2012-01-07 03:47 149280 c:\windows\SYSTEM32\java.exe
    + 2011-07-11 06:14 . 2011-07-11 06:14 295248 c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
    + 2011-10-07 11:23 . 2011-10-07 11:23 230608 c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
    + 2011-07-11 06:14 . 2011-07-11 06:14 134608 c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys
    + 2012-01-07 03:48 . 2012-01-07 03:48 203776 c:\windows\Installer\bb8fbc3.msi
    + 2012-01-07 03:47 . 2012-01-07 03:47 901120 c:\windows\Installer\bb8fbb3.msi
    + 2011-12-26 04:31 . 2011-12-26 04:31 323584 c:\windows\Installer\{83721450-E604-4C37-ABEB-CE7F18C587C8}\NewShortcut1_3BC5BC30773746439FA3047F389574CE.exe
    + 2011-12-26 04:31 . 2011-12-26 04:31 281894 c:\windows\Installer\{83721450-E604-4C37-ABEB-CE7F18C587C8}\ARPPRODUCTICON.exe
    + 2011-12-26 04:33 . 2011-12-26 04:33 323584 c:\windows\Installer\{61F25370-7465-4404-BE28-4629BF808699}\LS_SLW_SHORTCUT_F5B0142B17F14684B6AC6E79EF0C9EFE.exe
    + 2011-12-26 04:33 . 2011-12-26 04:33 281894 c:\windows\Installer\{61F25370-7465-4404-BE28-4629BF808699}\ARPPRODUCTICON.exe
    + 2011-12-26 04:28 . 2011-12-26 04:28 131072 c:\windows\Installer\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}\QuickDemoUrl_E9752251A5AD4678977047FD65566D18.exe
    + 2011-12-26 04:28 . 2011-12-26 04:28 323584 c:\windows\Installer\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}\NewShortcut2_C673DF680CDE41FC9DFBF63D31DE4F28.exe
    + 2011-12-26 04:28 . 2011-12-26 04:28 339968 c:\windows\Installer\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}\NewShortcut1_FE82206EF6124B479F4EDD27A1E056A4.exe
    + 2011-12-26 04:28 . 2011-12-26 04:28 323584 c:\windows\Installer\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}\NewShortcut1_C673DF680CDE41FC9DFBF63D31DE4F28.exe
    + 2011-12-26 04:28 . 2011-12-26 04:28 131072 c:\windows\Installer\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}\LightScribeWebsite_9607541794D946E89D5752F753E35CC4.exe
    + 2011-12-26 04:28 . 2011-12-26 04:28 281894 c:\windows\Installer\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}\ARPPRODUCTICON.exe
    + 2009-07-12 01:46 . 2009-07-12 01:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
    + 2009-07-12 01:46 . 2009-07-12 01:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
    + 2011-12-23 14:24 . 2011-12-23 14:24 4683264 c:\windows\Installer\ea11a0d.msi
    + 2011-12-20 18:08 . 2011-12-20 18:08 2186240 c:\windows\Installer\8eb825.msi
    + 2012-01-04 00:45 . 2012-01-04 00:45 1093120 c:\windows\Installer\497eda8d.msi
    + 2012-01-04 00:44 . 2012-01-04 00:44 2992128 c:\windows\Installer\497eda89.msi
    + 2011-12-26 04:33 . 2011-12-26 04:33 1193984 c:\windows\Installer\1bf2880d.msi
    + 2011-12-26 04:31 . 2011-12-26 04:31 1191424 c:\windows\Installer\1bf28808.msi
    + 2011-12-26 04:28 . 2011-12-26 04:28 2344960 c:\windows\Installer\1bf28803.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
    "Dit"="Dit.exe" [2003-04-22 61440]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
    "Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
    "Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
    .
    c:\documents and settings\Larry\Start Menu\Programs\Startup\
    PandaUSBVaccine.lnk - c:\program files\Panda USB Vaccine\USBVaccine.exe [2011-12-23 1287176]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
    backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-09-09 05:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
    2003-06-18 07:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2004-03-11 15:50 28672 ----a-w- c:\windows\SYSTEM32\CTHELPER.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-08-24 00:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
    2009-12-03 15:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2005-01-12 18:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-17 03:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2004-03-23 18:16 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-07-19 22:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2011-06-20 20:07 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    2003-05-16 15:50 19968 ------w- c:\windows\LOGI_MWX.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-12-25 16:08 13680640 ----a-w- c:\windows\SYSTEM32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-12-25 16:08 86016 ----a-w- c:\windows\SYSTEM32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-12-25 16:08 1657376 ----a-w- c:\windows\SYSTEM32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2011-06-11 18:48 490112 ----a-w- c:\program files\Real\realplayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
    2003-08-27 19:20 94208 ----a-r- c:\windows\SM1bg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    c:\program files\real\realplayer\update\realsched.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
    2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\documents and settings\Matthew\Desktop\Combat Arms\CombatArms.exe"= c:\documents and settings\Matthew\Desktop\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\\Documents and Settings\\Matthew\\Desktop\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\Matthew\\Desktop\\Combat Arms\\Engine.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57888:TCP"= 57888:TCP:pando Media Booster
    "57888:UDP"= 57888:UDP:pando Media Booster
    "58795:TCP"= 58795:TCP:pando Media Booster
    "58795:UDP"= 58795:UDP:pando Media Booster
    "50000:UDP"= 50000:UDP:IHA_MessageCenter
    "58684:TCP"= 58684:TCP:pando Media Booster
    "58684:UDP"= 58684:UDP:pando Media Booster
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/13/2011 6:30 AM 32592]
    R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2/27/2009 6:27 PM 64512]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [10/7/2011 6:23 AM 230608]
    R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [7/11/2011 1:14 AM 295248]
    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 286736]
    R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/13/2011 10:33 PM 820568]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [1/24/2011 1:35 PM 25824]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
    R3 HCW848NT;Hauppauge Win/TV;c:\windows\SYSTEM32\DRIVERS\hcw848nt.sys [12/18/2004 2:46 PM 140440]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 8:59 AM 135664]
    S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\SYSTEM32\DRIVERS\avcuwfl.sys [7/2/2006 8:28 PM 18644]
    S3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\SYSTEM32\DRIVERS\avcuwilo.sys [7/2/2006 8:46 PM 51166]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\DNINDIS5.sys [4/23/2009 9:11 AM 17149]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 8:59 AM 135664]
    S3 pmxscan;Visioneer USB Kernel;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [12/27/2004 6:08 PM 15104]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\wg111v2.sys [4/23/2009 9:05 AM 272128]
    S3 USBSAMP;Link based USB Mass Storage Driver;c:\windows\SYSTEM32\DRIVERS\ONSTOR2K.SYS [1/12/2005 5:09 PM 33754]
    S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [12/11/2011 4:05 PM 239472]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-06-20 20:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
    .
    2012-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
    .
    2012-01-07 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2011-11-16 14:50]
    .
    2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:58]
    .
    2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:58]
    .
    2012-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2012-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2012-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2012-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2012-01-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1006.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2012-01-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1007.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2012-01-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1008.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    2012-01-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1009.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Linked&In Search
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.cmphotocenter.com/is/DragDropUploader.cab
    FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\3l0ipfxb.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-07 13:48
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,cd,54,7e,74,85,2f,4f,8b,70,94,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,cd,54,7e,74,85,2f,4f,8b,70,94,\
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    "value"="?\0b\05\19\10&\07?"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(2968)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.EXE
    c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    c:\program files\Memeo\AutoBackup\InstantBackup.exe
    c:\program files\Memeo\AutoBackup\MemeoUpdater.exe
    c:\program files\AVG\AVG2012\avgui.exe
    c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-07 13:58:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-07 18:58
    ComboFix2.txt 2011-12-20 18:00
    .
    Pre-Run: 160,161,411,072 bytes free
    Post-Run: 160,089,964,544 bytes free
    .
    - - End Of File - - 274DE94CB66F5B3B860BC7A947C84BF5
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm not really sure what you did above.

4. Disabled almost all scheduled tasks.>> There are still 13 Scheduled Tasks. This is only 1 less than previously.
    6. Disabled AdWatch Live (left AVG AV alone).>> Per my reply #3, AVG was to be temporarily uninstalled before running Combofix. AVG is on the system in the current Combofix and AdWatch is also still installed. Do not count on AdWatch for full AV coverage. I left you a choice of 2 AV to choose from while AVG was uninstalled.
    7. System is running 3.0GB RAM. Max is 4.0 (old system), should I go for it? It's certainly cheap enough.>> No! Even 3GB is more than you need for Win XP Home. You need to get rid of the trash- not add more RAM!
9. Ran CKScanner - Log (CKFILES.TXT) posted below.>> No log.
    You typed "CKScanner" but did not leave anything for it.
    10. Dragged CFScript into ComboFix and ran it - Log (COMBOFIX010712.TXT) posted below.
Then it appears that you copied the script from the code box and pasted it in before the Combofix log. That script gets copied into Notepad, then run through Combofix as instructed. I have deleted that copy in the reply.
    ========================================
    Before you go on, please go back to my Reply #3 and follow the AppRemover instructions for AVG. This includes using one of the temporary AV I left. Note, you will still need to disable the new AV when you run Combofix again.

    Find and leave the log for the CK Scanner.
    Leave AdWatch disabled.
    Go back and find those Scheduled Tasks you thought you disabled and disable them.
    -------------------------------
    Reboot the computer.
    ------------------------------
    30 processes starting on boot>> I have 4: the AV, touchpad for laptop, 2 network processes>>>> Everything you have can be called up from All Programs instead of starting on boot and running in the background. Your 30 = slow!
9 drivers for AVG>> 3 are for the anti-rootkit and the rest for the AV
    Addons are much better! :)
    ========================================
    With AVG uninstalled and Avast or Avira disabled:
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
    c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
    c:\program files\Common Files\SM1updtr.dll
    c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    RegNull::
    [HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
    Clearjavacache::
    Driver::
    Avgrkx86
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
     
  17. lland

    lland TS Rookie Topic Starter

    OK, apparently, I don’t have a clue…sorry…

    So, here’s what I did this time:

    1. Deleted all scheduled tasks - last time I just disabled them.
    2. Uninstalled AVG - last time I just disabled it (yes, I know...).
3. Uninstalled AdAware (AdWatch) - last time I just disabled it.
    4. Found what I believe is the real CKScanner log (CKFiles.txt, pasted below). Last time, I “selected all” but forgot to hit “copy” so when I pasted to the reply, the last thing I had copied (CFScript) pasted. Sorry!
    5. Re-ran ComboFix without any AV program (log pasted below)
    6. Installed Avira Free AV after ComboFix ran (is this OK as a permanent solution or should I go back to AVG (or some other option) when we’re done?)

    Finally, I thought I took care of the startup items by unchecking them in the startup tab of the system configuration utility (msconfig), and if I go to C: > Documents and Settings > All Users > Start menu > Programs > Startup, the folder appears to be empty. If they are still running, apparently I don’t know how to disable, uninstall, or keep them from running in startup so any help here would be greatly appreciated.

    Thanks again.

    LL


    * * * * *

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\larry\application data\handbrake\logs\asp episode 4-10 - the gang cracks the liberty bell.m4v 6-27-2011 8-34-56 pm.txt
    c:\documents and settings\larry\application data\handbrake\logs\asp episode 4-11 - the gang cracks the liberty bell.m4v 6-28-2011 2-52-10 am.txt
    c:\documents and settings\larry\application data\macromedia\flash player\#sharedobjects\u3yv3spj\crackle.com\cracklesettings.sol
    c:\documents and settings\larry\application data\macromedia\flash player\#sharedobjects\u3yv3spj\www.crackle.com\cracklesettings.sol
    c:\documents and settings\larry\application data\macromedia\flash player\#sharedobjects\u3yv3spj\www.crackle.com\s_br.sol
    c:\documents and settings\larry\application data\macromedia\flash player\#sharedobjects\u3yv3spj\www.crackle.com\tracking.sol
    c:\documents and settings\larry\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
    c:\documents and settings\larry\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#www.crackle.com\settings.sol
    c:\documents and settings\larry\my documents\movies\it's always sunny in philadelphia\season 4\asp episode 4-11 - the gang cracks the liberty bell.m4v
    c:\documents and settings\larry\usb drives\bejeweled 2 deluxe\sounds\firecrackle.ogg
    c:\documents and settings\liz\application data\sun\java\deployment\cache\javapi\v1.0\file\crack.au-5a098-11abe513.au
    c:\documents and settings\liz\application data\sun\java\deployment\cache\javapi\v1.0\file\crack.au-5a098-11abe513.idx
    c:\documents and settings\matthew\application data\macromedia\flash player\#sharedobjects\htumsbbk\crackle.com\cracklesettings.sol
    c:\documents and settings\matthew\application data\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
    scanner sequence 3.IE.11.RKNAIF
    ----- EOF -----

    * * * * *

    ComboFix 12-01-07.04 - Larry 01/08/2012 22:00:51.3.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2577 [GMT -5:00]
    Running from: c:\documents and settings\Larry\My Documents\Downloads\ComboFix.exe
    Command switches used :: c:\documents and settings\Larry\Desktop\CFScript.txt
    .
    FILE ::
    "c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe"
    "c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe"
    "c:\program files\Common Files\SM1updtr.dll"
    "c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
    c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
    c:\program files\Common Files\SM1updtr.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_AVGRKX86
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-09 to 2012-01-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-07 04:15 . 2012-01-07 04:15 -------- d-----w- c:\program files\ESET
    2012-01-04 00:44 . 2012-01-04 00:44 65536 ----a-r- c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\ARPPRODUCTICON.exe
    2011-12-26 04:33 . 2011-12-26 04:33 -------- d-----w- c:\program files\LightScribe
    2011-12-26 04:31 . 2011-12-26 04:31 -------- d-----w- c:\program files\LightScribe Template Labeler
    2011-12-26 04:29 . 2011-12-26 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
    2011-12-26 04:27 . 2011-12-26 04:28 -------- d-----w- c:\program files\Common Files\LightScribe
    2011-12-23 13:24 . 2011-12-23 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
    2011-12-23 13:24 . 2011-12-23 13:24 -------- d-----w- c:\program files\Panda USB Vaccine
    2011-12-11 21:02 . 2011-12-11 21:05 -------- d-----w- c:\documents and settings\Matthew\Application Data\IObit
    2011-12-10 07:13 . 2011-12-10 07:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-07 03:47 . 2011-03-14 18:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-01-07 03:47 . 2008-09-16 19:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-12-16 23:43 . 2004-08-04 11:00 26112 ----a-w- c:\windows\system32\userinit.exe
    2011-12-10 14:38 . 2010-11-28 01:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-11-23 13:25 . 2004-08-04 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20 . 2004-08-04 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-02 19:48 . 2011-11-02 19:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2011-11-01 16:07 . 2004-08-04 11:00 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2004-08-04 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 1980-01-01 06:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 1980-01-01 06:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13 . 2004-08-04 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-16 18:47 . 2011-05-18 01:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
    "Dit"="Dit.exe" [2003-04-22 61440]
    "dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
    "Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
    "Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
    .
    c:\documents and settings\Larry\Start Menu\Programs\Startup\
    PandaUSBVaccine.lnk - c:\program files\Panda USB Vaccine\USBVaccine.exe [2011-12-23 1287176]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
    backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
    backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
    backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2005-09-09 05:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
    2003-06-18 07:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    2004-03-11 15:50 28672 ----a-w- c:\windows\SYSTEM32\CTHELPER.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2004-08-24 00:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
    2009-12-03 15:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
    2005-01-12 18:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-17 03:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
    2004-03-23 18:16 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2011-07-19 22:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2011-06-20 20:07 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
    2003-05-16 15:50 19968 ------w- c:\windows\LOGI_MWX.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2008-12-25 16:08 13680640 ----a-w- c:\windows\SYSTEM32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
    2008-12-25 16:08 86016 ----a-w- c:\windows\SYSTEM32\nvmctray.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    2008-12-25 16:08 1657376 ----a-w- c:\windows\SYSTEM32\nwiz.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2011-06-11 18:48 490112 ----a-w- c:\program files\Real\realplayer\realplay.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
    2003-08-27 19:20 94208 ----a-r- c:\windows\SM1bg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    c:\program files\real\realplayer\update\realsched.exe [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
    2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
    "c:\\Nexon\\Combat Arms\\NMService.exe"=
    "c:\documents and settings\Matthew\Desktop\Combat Arms\CombatArms.exe"= c:\documents and settings\Matthew\Desktop\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
    "c:\\Documents and Settings\\Matthew\\Desktop\\Combat Arms\\NMService.exe"=
    "c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Documents and Settings\\Matthew\\Desktop\\Combat Arms\\Engine.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57888:TCP"= 57888:TCP:pando Media Booster
    "57888:UDP"= 57888:UDP:pando Media Booster
    "58795:TCP"= 58795:TCP:pando Media Booster
    "58795:UDP"= 58795:UDP:pando Media Booster
    "50000:UDP"= 50000:UDP:IHA_MessageCenter
    "58684:TCP"= 58684:TCP:pando Media Booster
    "58684:UDP"= 58684:UDP:pando Media Booster
    .
    R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 286736]
    R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/13/2011 10:33 PM 820568]
    R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [1/24/2011 1:35 PM 25824]
    R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]
    R3 HCW848NT;Hauppauge Win/TV;c:\windows\SYSTEM32\DRIVERS\hcw848nt.sys [12/18/2004 2:46 PM 140440]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 8:59 AM 135664]
    S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\SYSTEM32\DRIVERS\avcuwfl.sys [7/2/2006 8:28 PM 18644]
    S3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\SYSTEM32\DRIVERS\avcuwilo.sys [7/2/2006 8:46 PM 51166]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\DNINDIS5.sys [4/23/2009 9:11 AM 17149]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 8:59 AM 135664]
    S3 pmxscan;Visioneer USB Kernel;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [12/27/2004 6:08 PM 15104]
    S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\wg111v2.sys [4/23/2009 9:05 AM 272128]
    S3 USBSAMP;Link based USB Mass Storage Driver;c:\windows\SYSTEM32\DRIVERS\ONSTOR2K.SYS [1/12/2005 5:09 PM 33754]
    S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [12/11/2011 4:05 PM 239472]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2011-06-20 20:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 08:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
    IE: Linked&In Search
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.cmphotocenter.com/is/DragDropUploader.cab
    FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\3l0ipfxb.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-08 22:15
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3596)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.EXE
    c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\Dit.exe
    c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    c:\program files\Memeo\AutoBackup\InstantBackup.exe
    c:\program files\Memeo\AutoBackup\MemeoUpdater.exe
    c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-08 22:24:07 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-09 03:24
    ComboFix2.txt 2012-01-07 18:58
    ComboFix3.txt 2011-12-20 18:00
    .
    Pre-Run: 159,008,534,528 bytes free
    Post-Run: 158,979,633,152 bytes free
    .
    - - End Of File - - C58EF28960D159ED2FE87537EDA4B97C
     
  18. lland

    lland TS Rookie Topic Starter

Update: I went into "services.msc" and changed a bunch of services to manual and disabled a bunch more. Probably still running a number that are unnecessary, but better.

    LL
     
  19. lland

    lland TS Rookie Topic Starter

    Second update: Whenever I want to log off or turn off the computer, I have to do it twice (start > Log Off > Log Off or Start > Turn Off Computer > Turn Off (or Restart)). First time does nothing, second time works fine. Curious...

    LL
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please use the Edit feature in a Reply when you have only a sentence or few words to add. I get email feedback every time you reply.

    About the shutdown- I doubt that has anything to do with the malware- both shutdown and load are directly related to the number of processes to run on the system.

About the Services: you have to be careful when changing Services. Some are absolutely needed. When I discuss Services, here are my comments:
    • Use the recommendations of the Black Viper site
      For Windows XP Home SP3: Black Viper Services for Windows XP Home, SP3
      [o] You need to know what a Service is for.
  [o] You will learn the ones that must be set to Automatic.
  [o] You will learn which can be set to Manual so they only start when needed.
  [o] You will learn that some Services depend on other Services for them to run> those are the Dependencies.
      [o] You will learn that some Services can be disabled, both for non-use and for safety.
    • I advise working in Services be done in Safe Mode. The main reason is because of the Dependencies. If a Dependency isn't running when you are in Normal Mode, you won't be able to start the Service.
    • I don't advise stopping any 'unknown' Service for all of the above reasons.
    =====================================
    About entries in the Startup folder and Startup Menu:
None of the following need to start on boot. Programs can be accessed in All Programs when needed.
    Start Menu^Programs^Startup Folder
    Adobe Gamma Loader.lnk
    Dataviz Messenger.lnk
    HP Digital Imaging Monitor.lnk
    Microsoft Office.lnk
    PowerReg Scheduler V3.exe

    These are valid programs but none are required to run on startup.
    Startup Menu on the msconfig startup:
    AdobeARM.exe
    Adobe Photo Downloader> apdproxy.exe
    c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
    c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
    c:\program files\Epson Software\Event Manager\EEventManager.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    c:\program files\HP\HP Software Update\hpwuSchd2.exe
    c:\program files\iTunes\iTunesHelper.exe
    c:\program files\QuickTime\QTTask.exe
    c:\program files\Real\realplayer\realplay.exe
    SM1bg.exe>> USB driver for downloading from within Napster to portable MP3 players >> Set in 2003
    C:\WINDOWS\UpdReg.EXE>> Reminder to register Creative Labs SoundBlaster Live! cards (Set in 2000).
    =========================================
    To remove entries from the Startup Menu using the msconfig utility:
    • Click on Start> Run> type in msconfig> enter>
      [​IMG]
    • Click on Selective Startup
    • Choose the Startup tab:
      [​IMG]
      All images courtesy NetSquirrel
    • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
    • Uncheck any processes you do not need to start on boot.
    • Click on Apply> OK when finished.
    NOTE:
    When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
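As an added illustration of where the entries in the reply above actually live, here is a PowerShell script that enumerates the same autostart locations (the Run keys, the msconfig "startupreg" list of unchecked items, and the per-user and all-users Startup folders) and lists the services set to Automatic with the binary each one runs. It is example code written for this page, not from the thread, from TechSpot or from any of the tools mentioned; it assumes Windows PowerShell 2.0 or later and an Administrator prompt, and the helper names (`New-Entry`, `Get-RunKeyEntries` and so on) are its own.

```powershell
# Added example (not from the thread): enumerate the autostart locations
# discussed above so each entry can be checked against the msconfig list.
# Assumes Windows PowerShell 2.0 or later; run from an Administrator prompt
# so HKLM and the all-users Startup folder are readable.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Registry::HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run'
)

# msconfig moves unchecked Run entries here (and unchecked Startup-folder
# shortcuts under ..\MSConfig\startupfolder); the program itself stays on disk.
$msconfigDisabled = 'HKLM:\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg'

function New-Entry($Source, $Name, $Command, $Enabled) {
    New-Object PSObject -Property @{
        Source = $Source; Name = $Name; Command = $Command; Enabled = $Enabled
    }
}

function Get-RunKeyEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($p in $values.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSProvider, ...
            New-Entry $key $p.Name ([string]$p.Value) $true
        }
    }
}

function Get-MsconfigDisabledEntries {
    if (-not (Test-Path $msconfigDisabled)) { return }
    foreach ($sub in Get-ChildItem -Path $msconfigDisabled) {
        $v = Get-ItemProperty -Path $sub.PSPath
        New-Entry $msconfigDisabled $sub.PSChildName ([string]$v.command) $false
    }
}

function Get-StartupFolderEntries {
    # Resolve the per-user and all-users Startup folders from the shell-folder
    # registry values, which hold the right path on XP and on later versions.
    $userFolders   = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
    $commonFolders = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
    foreach ($folder in @($userFolders.Startup, $commonFolders.'Common Startup')) {
        if (-not $folder -or -not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -Force |
            Where-Object { $_.Name -ne 'desktop.ini' } |
            ForEach-Object { New-Entry $folder $_.Name $_.FullName $true }
    }
}

# Services set to start automatically, with the binary each one runs.
# Look each one up (for example on the Black Viper list) before changing its
# start type; a Dependency you stop here can keep another Service from starting.
function Get-AutoStartServices {
    Get-WmiObject -Class Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' } |
        Select-Object Name, DisplayName, State, PathName
}

$entries = @(Get-RunKeyEntries) + @(Get-MsconfigDisabledEntries) + @(Get-StartupFolderEntries)
$entries | Sort-Object Enabled, Source, Name | Format-Table Enabled, Name, Command -AutoSize
Get-AutoStartServices | Sort-Object Name | Format-Table -AutoSize
```

Entries reported with `Enabled = False` are the ones msconfig has unchecked; they no longer start on boot but the programs are still installed, which matches what the reply says about the Startup Menu items. The service list is only an inventory: the script changes nothing, so it is safe to run before deciding, per the Black Viper guidance above, which start types to adjust.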
     
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

Regarding your PM, the last reply here was from me- a week ago. I left information regarding the Services and Startup Menu. When you gave no post back, it appeared you had left the thread.

    You still have a great number of processes starting on boot.
    ===================================
    If all is well: Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      [​IMG]
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
  • Choose Disc Cleanup
      • Click "OK" to select the partition or drive you want.
      • Click the "More Options" Tab.
      • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin

Reinstall AVG. Make sure the Mbam you were using got uninstalled and its program folder deleted. Then install the new version of Mbam.
     
Topic Status:
Not open for further replies.
