[Closed] Completed 8 steps

Status
Not open for further replies.

heyhi

first log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5214

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/4/2010 10:17:52 PM
mbam-log-2010-12-04 (22-17-52).txt

Scan type: Quick scan
Objects scanned: 1
Time elapsed: 15 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
c:\documents and settings\all users\application data\resultbar\resultbar113.exe (Adware.ResultBar) -> 440 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ResultBar Service (Adware.ResultBar) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\all users\application data\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\all users\application data\resultbar\resultbar113.exe (Adware.ResultBar) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5246

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/4/2010 11:49:14 PM
mbam-log-2010-12-04 (23-49-14).txt

Scan type: Quick scan
Objects scanned: 126966
Time elapsed: 5 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 7
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\ere94fe5o32 (Trojan.FakeAV) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mp3Tube (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBar (Adware.ResultBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MP3TUBE_TOOLBAR_UPDATER_SERVICE (Adware.Mp3Tube) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RESULTBAR_SERVICE (Adware.ResultBar) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Value: {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790477B1765F5A36AD96 (Malware.Trace) -> Value: SRS_IT_E8790477B1765F5A36AD96 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0} (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\resultbar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\documents and settings\KA\application data\mp3tube toolbar (Adware.Mp3Tube) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\mozilla firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome.manifest (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\install.rdf (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\chrome\resultbar.jar (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mozilla firefox\extensions\{34efa911-b536-4c08-bece-cd5e55c875b0}\defaults\preferences\prefs.js (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\resultbar\resultbar.dll (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\resultbar\resultbar.exe (Adware.ResultBar) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\mp3tubesvc.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.
c:\program files\mp3tube toolbar\mp3tubevideotomp3.exe (Adware.Mp3Tube) -> Quarantined and deleted successfully.


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-05 00:36:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST9402112A rev.3.06
Running: u7tbe80u.exe; Driver: C:\DOCUME~1\KA\LOCALS~1\Temp\ugtdipow.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8323BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xA83239D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xA8323B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----




DDS (Ver_10-12-05.01) - NTFSx86
Run by KA at 0:39:59.37 on Sun 12/05/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1270.901 [GMT -5:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\KA\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://espn.go.com/nfl/
uSearch Page =
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:23012
mSearchAssistant =
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} -
uURLSearchHooks: H - No File
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uURLSearchHooks: H - No File
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - AOL Toolbar Launcher
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {61539ecd-cc67-4437-a03c-9aaccbd14326} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} -
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Wisdom-soft ScreenHunter 5.1 Free] 0
uRun: [CLICK] C:\CLICK
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Search
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922}
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ka\applic~1\mozilla\firefox\profiles\ostsccu7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=01-05-2010&tb_mrud=01-05-2010
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://buymixtapes.com/newsongs.php
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Extension: Spell Checker: gaurangnshah@gmail.com - c:\docume~1\ka\applic~1\mozilla\firefox\profiles\ostsccu7.default\extensions\gaurangnshah@gmail.com
FF - Extension: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - c:\docume~1\ka\applic~1\mozilla\firefox\profiles\ostsccu7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Extension: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor

---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-29 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-26 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-26 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-26 40384]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2010-8-12 10448]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-6-20 88176]
R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2010-12-3 278528]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2010-12-3 57440]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-17 136176]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2010-12-3 1710944]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-26 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-26 40384]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\magix\common\database\bin\fbserver.exe --> c:\program files\magix\common\database\bin\fbserver.exe [?]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2010-12-3 360529]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]

=============== Created Last 30 ================

2010-12-05 04:02:37 -------- d-----w- c:\program files\Blockbuster
2010-12-03 05:05:27 58208 ----a-w- c:\windows\system32\drivers\wsimd.sys
2010-12-01 11:56:58 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Sunbelt Software
2010-12-01 02:47:38 -------- d-----w- c:\program files\Bazooka Scanner
2010-11-30 02:13:27 165376 ----a-w- c:\windows\system32\unrar.dll
2010-11-30 02:13:22 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-11-26 22:26:46 -------- d-----w- c:\program files\MPEGTOWAV
2010-11-26 05:50:45 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Conduit
2010-11-26 05:50:08 -------- d-----w- c:\program files\uTorrent
2010-11-26 05:49:44 -------- d-----w- c:\docume~1\ka\applic~1\uTorrent
2010-11-21 07:40:00 -------- d-----w- c:\program files\Xvid
2010-11-21 00:51:52 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\DefaultDomain_Path_2jjdwwwbej4fajitudmutkjkc2soxwl5
2010-11-18 04:59:01 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-11-18 04:59:01 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-11-18 04:59:01 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-11-18 04:59:01 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-11-18 04:59:01 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-11-18 04:59:01 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-11-18 04:59:01 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-11-18 04:59:01 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-11-18 04:58:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-11-18 04:58:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-11-18 04:58:54 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-11-18 04:58:54 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-11-18 04:44:19 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Temp
2010-11-18 04:44:03 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Google
2010-11-18 04:43:19 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\Deployment
2010-11-13 00:26:26 545 ----a-w- c:\windows\UC.PIF
2010-11-13 00:26:26 545 ----a-w- c:\windows\RAR.PIF
2010-11-13 00:26:26 545 ----a-w- c:\windows\PKZIP.PIF
2010-11-13 00:26:26 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-11-13 00:26:26 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-11-13 00:26:26 545 ----a-w- c:\windows\LHA.PIF
2010-11-13 00:26:26 545 ----a-w- c:\windows\ARJ.PIF
2010-11-13 00:26:26 -------- d-----w- c:\docume~1\ka\applic~1\GHISLER
2010-11-10 07:50:18 -------- d-----w- c:\docume~1\ka\locals~1\applic~1\AVNEX_Ltd._(CY)
2010-11-10 07:46:37 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avnex
2010-11-10 00:40:53 -------- d-----w- c:\program files\Microsoft ActiveSync

==================== Find3M ====================

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-09 14:16:31 667136 ----a-w- c:\windows\system32\wininet.dll
2010-09-09 14:16:30 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-09-09 14:16:29 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-09-08 16:49:49 369664 ----a-w- c:\windows\system32\html.iec
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr

============= FINISH: 0:40:20.81 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/19/2009 6:48:59 PM
System Uptime: 12/5/2010 12:30:47 AM (0 hours ago)

Motherboard: Acer | | Garda-910
Processor: Intel(R) Celeron(R) M processor 1.50GHz | U1 | 1496/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 22.607 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR WNA1100 Wireless-N 150 USB Adapter
Device ID: USB\VID_0846&PID_9030\12345
Manufacturer: Netgear Inc.
Name: NETGEAR WNA1100 Wireless-N 150 USB Adapter
PNP Device ID: USB\VID_0846&PID_9030\12345
Service: AR9271

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Atheros AR5005G Wireless Network Adapter
Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&AD1B67F&0&28F0
Manufacturer: Atheros
Name: Atheros AR5005G Wireless Network Adapter
PNP Device ID: PCI\VEN_168C&DEV_001A&SUBSYS_04181468&REV_01\4&AD1B67F&0&28F0
Service: AR5211

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_006A1025&REV_10\4&AD1B67F&0&38F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_006A1025&REV_10\4&AD1B67F&0&38F0
Service: RTL8023xp

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_006A1025&REV_03\3&B1BFB68&0&F3
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_266D&SUBSYS_006A1025&REV_03\3&B1BFB68&0&F3
Service:

==== System Restore Points ===================

RP415: 11/14/2010 1:45:40 PM - System Checkpoint
RP416: 11/22/2010 5:14:29 AM - Revo Uninstaller's restore point - blinkx beat
RP417: 11/22/2010 5:15:34 AM - Revo Uninstaller's restore point - blinkx beat
RP418: 11/22/2010 5:16:42 AM - Revo Uninstaller's restore point - Homepage Protection Service
RP419: 11/22/2010 5:17:58 AM - Revo Uninstaller's restore point - ShopperReports
RP420: 11/22/2010 5:18:39 AM - Revo Uninstaller's restore point - Google Chrome Frame
RP421: 11/22/2010 5:19:56 AM - Revo Uninstaller's restore point - Mp3Tube Toolbar
RP422: 11/22/2010 5:20:39 AM - Revo Uninstaller's restore point - ResultBar 1.0 build 113
RP423: 11/22/2010 11:59:56 AM - Revo Uninstaller's restore point - Kilmist Registry Editor 2.5
RP424: 11/22/2010 12:00:19 PM - Removed Kilmist Registry Editor 2.5
RP425: 11/22/2010 12:02:13 PM - Revo Uninstaller's restore point - AV Music Morpher Gold
RP426: 11/22/2010 12:03:22 PM - Revo Uninstaller's restore point - Magic Button
RP427: 11/22/2010 12:04:39 PM - Revo Uninstaller's restore point - Total Commander (Remove or Repair)
RP428: 11/24/2010 2:35:26 AM - Revo Uninstaller's restore point - Clean Disk Security 7.84
RP429: 11/30/2010 2:44:30 AM - Revo Uninstaller's restore point - K-Lite Codec Pack 6.6.0 (Basic)
RP430: 11/30/2010 2:44:50 AM - Revo Uninstaller's restore point - Wisdom-soft Set up ScreenHunter 5.1 Free
RP431: 11/30/2010 2:45:38 AM - Revo Uninstaller's restore point - uTorrentBar Toolbar
RP432: 11/30/2010 2:46:36 AM - Revo Uninstaller's restore point - RealPlayer
RP433: 11/30/2010 5:30:18 AM - Revo Uninstaller's restore point - Xvid 1.2.1 final uninstall
RP434: 11/30/2010 5:31:37 AM - Revo Uninstaller's restore point - ClickPotato
RP435: 11/30/2010 9:51:36 PM - Revo Uninstaller's restore point - Bazooka Scanner
RP436: 11/30/2010 9:53:00 PM - Revo Uninstaller's restore point - DivX Codec
RP437: 11/30/2010 9:53:53 PM - Revo Uninstaller's restore point - DivX Converter
RP438: 11/30/2010 9:54:42 PM - Revo Uninstaller's restore point - DivX Plus DirectShow Filters
RP439: 11/30/2010 10:27:39 PM - Revo Uninstaller's restore point - Windows Internet Explorer 8
RP440: 11/30/2010 11:39:59 PM - Revo Uninstaller's restore point - avast! Free Antivirus
RP441: 12/1/2010 6:51:52 AM - Revo Uninstaller's restore point - Spyware Doctor 8.0
RP442: 12/1/2010 6:40:08 PM - Software Distribution Service 3.0
RP443: 12/1/2010 11:52:31 PM - Revo Uninstaller's restore point - ClickPotato
RP444: 12/2/2010 9:11:03 PM - Installed NETGEAR WNA1100 wireless USB 2.0 adapter
RP445: 12/2/2010 9:49:44 PM - Removed NETGEAR WNA1100 wireless USB 2.0 adapter
RP446: 12/3/2010 12:03:58 AM - Installed NETGEAR WNA1100 wireless USB 2.0 adapter
RP447: 12/4/2010 1:01:33 AM - Installed ESET NOD32 Antivirus
RP448: 12/4/2010 1:03:29 AM - Installed ESET NOD32 Antivirus
RP449: 12/4/2010 1:06:40 AM - Installed ESET NOD32 Antivirus
RP450: 12/4/2010 4:59:27 AM - Removed ESET NOD32 Antivirus

==== Installed Programs ======================

µTorrent
7-Zip 4.65
AAC Decoder
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Advanced SystemCare 3
AIM 7
Atheros Driver Installation Program
Atheros Wireless LAN
AutoUpdate
Bonjour
DivX Player
DivX Plus Web Player
DivX Version Checker
eReg
Firebird SQL Server - MAGIX Edition
Full Tilt Poker
Google Update Helper
H.264 Decoder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Graphics Media Accelerator Driver for Mobile
iTunes
Java(TM) 6 Update 14
K-Lite Codec Pack 6.6.0 (Basic)
LimeWire 4.18.8
Logitech SetPoint 6.15
Malwarebytes' Anti-Malware
McAfee SiteAdvisor
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MKV Splitter
Mozilla Firefox (3.0.14)
MPEG To Wav Converter version 1.2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
NETGEAR WNA1100 wireless USB 2.0 adapter
QuickTime
Realtek AC'97 Audio
REALTEK Gigabit and Fast Ethernet NIC Driver
Revo Uninstaller 1.83
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/4/2010 11:59:49 PM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
12/4/2010 11:59:28 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
12/4/2010 11:51:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
12/4/2010 11:34:01 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
12/4/2010 11:34:01 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
12/4/2010 11:34:01 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
12/4/2010 11:34:01 PM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
12/4/2010 11:34:01 PM, error: Service Control Manager [7031] - The WSWNA1100 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/4/2010 10:17:51 PM, error: Service Control Manager [7034] - The ResultBar Service service terminated unexpectedly. It has done this 1 time(s).
12/4/2010 1:01:31 AM, error: Service Control Manager [7000] - The epfwtdir service failed to start due to the following error: A device attached to the system is not functioning.
12/2/2010 9:05:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.68 for the Network Card with network address 0014A4858B1C has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
12/1/2010 8:36:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the wuauserv service.
12/1/2010 8:36:10 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the W32Time service.
12/1/2010 8:35:09 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
12/1/2010 8:24:44 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the RasMan service.
12/1/2010 7:23:05 AM, error: Service Control Manager [7034] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 7:23:05 AM, error: Service Control Manager [7034] - The SSDP Discovery Service service terminated unexpectedly. It has done this 1 time(s).
12/1/2010 11:33:37 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SENS service.
12/1/2010 10:07:57 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0014A4858B1C. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
11/30/2010 9:31:46 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
11/29/2010 2:47:05 AM, error: ACPIEC [1] - \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.

==== End Of File ===========================
 
Are these the pasted logs I asked you for on this thread? https://www.techspot.com/vb/topic157649.html

I note you also posted logs on the original thread, although there are GMER entries all over.

I am going to close this thread. Please reply on your original thread. If this is for another computer, you need to tell me that and describe the problem. Understand that this time I am using to go back and forth with you is time taken away from someone who needs help, including you.

Please get with it and make this work better for both of us: one problem, same computer, all information and logs go on the same thread.
 