Solved Popups and lost icons


lland

I started getting a zillion popups, lost my desktop icons, and all start menu items were empty. I ran Malwarebytes in Safe Mode and it seems to have cleaned most of it, as the popups stopped and the icons and start menu items are back, but the machine is still running very slow (yes, it's an older, slower machine, but it's running slower than usual). I ran Malwarebytes, GMER, and DDS as instructed. The logs are pasted below and in the next post.

Thanks in advance.

LL

* * * * *

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8394

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/18/2011 9:58:24 PM
mbam-log-2011-12-18 (21-58-24).txt

Scan type: Quick scan
Objects scanned: 284790
Time elapsed: 2 hour(s), 19 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-19 07:13:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 HDS72404 rev.KFAO
Running: 13muzdtb.exe; Driver: C:\DOCUME~1\Larry\LOCALS~1\Temp\fxtdapog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF76C787E]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xAB15AF3C]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF76C7BFE]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xAB15AFE4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xAB15B080]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xAB15B11C]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB88BC360, 0x35363F, 0xE8000020]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB86FFF80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe[1728] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044C771 C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit Malware Fighter Service/IObit)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c dvd43llh.sys (dvd43llh.sys/RIF)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ C:\PROGRA~1\MICROS~4\Office10\OUTLCM.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{77F8D6E9-F0A7-8D50-B905-CAC75B2E221B}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{F65BADE8-A426-AA00-CAE7-6AD7961643FD}\LocalServer32@ "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
Reg HKLM\SOFTWARE\Classes\CLSID\{F65BADE8-A426-AA00-CAE7-6AD7961643FD}\ProgID@ Symantec.stCallbackManager.1
Reg HKLM\SOFTWARE\Classes\CLSID\{F65BADE8-A426-AA00-CAE7-6AD7961643FD}\TypeLib@ {51B9BCA6-4A06-11D3-B538-00902771A435}
Reg HKLM\SOFTWARE\Classes\CLSID\{F65BADE8-A426-AA00-CAE7-6AD7961643FD}\VersionIndependentProgID@ Symantec.stCallbackManager

---- EOF - GMER 1.0.15 ----

* * * * *

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Larry at 7:15:42 on 2011-12-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1829 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
svchost.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\Dit.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Download Manager Browser Helper Object: {19c8e43b-07b3-49cb-bffc-6777b593e6f8} - c:\progra~1\common~1\fluxdvd\downlo~1\XEBDLH~1.DLL
BHO: {1A1DAC8C-074D-440F-8707-7009A672D7D1} - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BB670D0B-5C46-40C7-B38B-40DD26987723} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
{85e0b171-04fa-11d1-b7da-00a0c90348d6}
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe /r
mRun: [CTHelper] CTHELPER.EXE
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Dit] Dit.exe
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Linked&In Search
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {427273CC-764E-11D3-823D-006097F90453} - hxxp://www.cmphotocenter.com/is/BPImageEditor.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {94B82441-A413-4E43-8422-D49930E69764} - hxxps://echat.us.dell.com/Media/VisitorChatENU/TLIEFlash.CAB
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coke/Coupons.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxp://www.ritzpix.com/net/Uploader/ImageUploader3.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.ritzpix.com/upload/FujifilmUploadClient.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-29-0.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.cmphotocenter.com/is/DragDropUploader.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2D9F8A47-EA5B-49E3-80EC-59C2384311EC} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D63C3C3D-F2C8-4A7F-ACE6-2FBBC3DE3401} : DhcpNameServer = 192.168.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\larry\application data\mozilla\firefox\profiles\3l0ipfxb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCoreGecko9.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\fluxdvd\apix\NPAPIX.dll
FF - plugin: c:\program files\common files\fluxdvd\browserintegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg2012\Firefox4
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-27 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 295248]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 286736]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2011-6-13 820568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-11-3 2152152]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-1-24 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-9 24652]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720]
R3 HCW848NT;Hauppauge Win/TV;c:\windows\system32\drivers\hcw848nt.sys [2004-12-18 140440]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-11-3 15232]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\system32\drivers\avcuwfl.sys [2006-7-2 18644]
S3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\system32\drivers\avcuwilo.sys [2006-7-2 51166]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-4-23 17149]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-7 135664]
S3 pmxscan;Visioneer USB Kernel;c:\windows\system32\drivers\usbscan.sys [2004-12-27 15104]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\drivers\wg111v2.sys [2009-4-23 272128]
S3 USBSAMP;Link based USB Mass Storage Driver;c:\windows\system32\drivers\ONSTOR2K.SYS [2005-1-12 33754]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2011-12-11 239472]
.
=============== Created Last 30 ================
.
2011-12-11 03:34:46 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-11-25 23:23:42 -------- d-----w- c:\documents and settings\larry\application data\Garmin
2011-11-25 23:23:11 -------- d-----w- c:\program files\Garmin
2011-11-25 16:41:56 -------- d-----w- c:\documents and settings\larry\.swt
2011-11-25 16:37:30 -------- d-----w- c:\program files\Vuze
2011-11-25 16:37:14 -------- d-----w- c:\documents and settings\larry\local settings\application data\Vuze_Remote
2011-11-25 16:37:12 -------- d-----w- c:\program files\Vuze_Remote
.
==================== Find3M ====================
.
2011-12-16 23:43:49 26112 ----a-w- c:\windows\system32\userinit.exe
2011-12-10 14:38:20 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 17:06:56 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-02 19:48:16 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13:22 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-16 18:47:14 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 10:23:48 230608 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2011-10-04 10:21:42 16720 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2003-08-27 19:19:18 36963 ------w- c:\program files\common files\SM1updtr.dll
.
============= FINISH: 7:20:31.32 ===============
 
Final log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/17/2004 11:05:37 PM
System Uptime: 12/18/2011 7:29:44 PM (12 hours ago)
.
Motherboard: Dell Inc. | | 0CH776
Processor: Intel(R) Pentium(R) 4 CPU 3.40GHz | Microprocessor | 3391/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 370 GiB total, 143.837 GiB free.
D: is CDROM ()
E: is CDROM ()
F: is Removable
G: is FIXED (NTFS) - 298 GiB total, 86.393 GiB free.
Z: is NetworkDisk (FAT) - 0 GiB total, 0 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2567: 9/21/2011 3:26:54 PM - System Checkpoint
RP2568: 9/22/2011 4:07:37 PM - System Checkpoint
RP2569: 9/23/2011 5:07:36 PM - System Checkpoint
RP2570: 9/24/2011 10:42:43 AM - Installed AVG 2012
RP2571: 9/24/2011 10:42:55 AM - Removed AVG 2011
RP2572: 9/24/2011 10:43:39 AM - Installed AVG 2012
RP2573: 9/24/2011 10:49:29 AM - Removed AVG 2011
RP2574: 9/25/2011 12:02:06 PM - System Checkpoint
RP2575: 9/26/2011 12:49:08 PM - System Checkpoint
RP2576: 9/27/2011 1:49:07 PM - System Checkpoint
RP2577: 9/28/2011 7:45:59 PM - System Checkpoint
RP2578: 9/29/2011 3:00:20 AM - Software Distribution Service 3.0
RP2579: 9/30/2011 3:59:38 AM - System Checkpoint
RP2580: 10/1/2011 4:59:26 AM - System Checkpoint
RP2581: 10/2/2011 5:59:29 AM - System Checkpoint
RP2582: 10/3/2011 6:59:26 AM - System Checkpoint
RP2583: 10/4/2011 7:59:28 AM - System Checkpoint
RP2584: 10/5/2011 8:59:26 AM - System Checkpoint
RP2585: 10/6/2011 9:59:25 AM - System Checkpoint
RP2586: 10/7/2011 11:00:11 AM - System Checkpoint
RP2587: 10/8/2011 11:05:06 AM - System Checkpoint
RP2588: 10/9/2011 12:04:58 PM - System Checkpoint
RP2589: 10/10/2011 1:05:01 PM - System Checkpoint
RP2590: 10/11/2011 2:04:58 PM - System Checkpoint
RP2591: 10/12/2011 12:15:31 PM - Restore Operation
RP2592: 10/13/2011 12:54:41 PM - System Checkpoint
RP2593: 10/14/2011 3:00:21 AM - Software Distribution Service 3.0
RP2594: 10/15/2011 3:02:28 AM - System Checkpoint
RP2595: 10/16/2011 3:25:14 AM - System Checkpoint
RP2596: 10/17/2011 4:25:42 AM - System Checkpoint
RP2597: 10/18/2011 5:25:02 AM - System Checkpoint
RP2598: 10/19/2011 5:56:13 AM - System Checkpoint
RP2599: 10/20/2011 6:36:42 AM - System Checkpoint
RP2600: 10/21/2011 7:36:40 AM - System Checkpoint
RP2601: 10/22/2011 8:36:38 AM - System Checkpoint
RP2602: 10/23/2011 11:31:12 PM - System Checkpoint
RP2603: 10/25/2011 5:48:06 AM - System Checkpoint
RP2604: 10/26/2011 6:04:25 AM - System Checkpoint
RP2605: 10/27/2011 7:04:25 AM - System Checkpoint
RP2606: 10/28/2011 8:58:16 AM - System Checkpoint
RP2607: 10/29/2011 9:33:47 AM - System Checkpoint
RP2608: 10/30/2011 9:38:01 AM - System Checkpoint
RP2609: 10/31/2011 10:38:01 AM - System Checkpoint
RP2610: 11/1/2011 11:37:58 AM - System Checkpoint
RP2611: 11/2/2011 12:37:59 PM - System Checkpoint
RP2612: 11/3/2011 3:27:32 PM - System Checkpoint
RP2613: 11/4/2011 4:56:29 PM - System Checkpoint
RP2614: 11/5/2011 5:07:40 PM - System Checkpoint
RP2615: 11/6/2011 5:04:13 PM - System Checkpoint
RP2616: 11/7/2011 6:32:04 PM - System Checkpoint
RP2617: 11/8/2011 7:04:13 PM - System Checkpoint
RP2618: 11/8/2011 10:05:25 PM - Installed Windows Media Player 10
RP2619: 11/8/2011 10:06:15 PM - Software Distribution Service 3.0
RP2620: 11/9/2011 3:00:42 AM - Software Distribution Service 3.0
RP2621: 11/10/2011 3:00:33 AM - Software Distribution Service 3.0
RP2622: 11/11/2011 3:04:20 AM - System Checkpoint
RP2623: 11/12/2011 3:00:33 AM - Software Distribution Service 3.0
RP2624: 11/13/2011 3:27:57 AM - System Checkpoint
RP2625: 11/14/2011 3:32:40 AM - System Checkpoint
RP2626: 11/15/2011 4:32:51 AM - System Checkpoint
RP2627: 11/16/2011 5:32:12 AM - System Checkpoint
RP2628: 11/17/2011 5:58:55 AM - System Checkpoint
RP2629: 11/18/2011 11:29:45 PM - System Checkpoint
RP2630: 11/20/2011 12:16:00 AM - System Checkpoint
RP2631: 11/21/2011 1:16:00 AM - System Checkpoint
RP2632: 11/22/2011 2:16:55 AM - System Checkpoint
RP2633: 11/23/2011 3:16:10 AM - System Checkpoint
RP2634: 11/24/2011 3:20:50 AM - System Checkpoint
RP2635: 11/25/2011 4:21:12 AM - System Checkpoint
RP2636: 11/26/2011 4:53:42 AM - System Checkpoint
RP2637: 11/27/2011 5:52:55 AM - System Checkpoint
RP2638: 11/28/2011 6:36:11 AM - System Checkpoint
RP2639: 11/29/2011 7:36:11 AM - System Checkpoint
RP2640: 11/30/2011 8:36:07 AM - System Checkpoint
RP2641: 12/1/2011 9:36:06 AM - System Checkpoint
RP2642: 12/2/2011 10:36:06 AM - System Checkpoint
RP2643: 12/3/2011 11:45:22 AM - System Checkpoint
RP2644: 12/4/2011 12:36:07 PM - System Checkpoint
RP2645: 12/5/2011 1:52:14 PM - System Checkpoint
RP2646: 12/5/2011 9:13:34 PM - Restore Operation
RP2647: 12/5/2011 9:20:12 PM - Restore Operation
RP2648: 12/7/2011 11:54:31 AM - System Checkpoint
RP2649: 12/8/2011 12:35:01 PM - System Checkpoint
RP2650: 12/9/2011 1:35:01 PM - System Checkpoint
RP2651: 12/10/2011 2:20:56 AM - Restore Operation
RP2652: 12/10/2011 2:24:37 AM - Restore Operation
RP2653: 12/10/2011 9:33:31 AM - Installed Ad-Aware
RP2654: 12/10/2011 9:34:28 AM - Installed Ad-Aware
RP2655: 12/11/2011 12:29:38 AM - Restore Operation
RP2656: 12/16/2011 7:51:16 PM - System Checkpoint
RP2657: 12/17/2011 3:01:33 AM - Software Distribution Service 3.0
RP2658: 12/18/2011 3:26:04 AM - System Checkpoint
RP2659: 12/19/2011 3:35:02 AM - System Checkpoint
.
==== Installed Programs ======================
.
.
23_24_2500Tour
2400
2400_2500Help
2400_2500trb
42 Bit Scanner
7-Zip 4.57
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 Plugin
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader 9.4.7
Adobe Shockwave Player 11.5
Advanced DVD Player
AiO_Scan
AIOMinimal
AiOSoftware
Amazon MP3 Downloader 1.0.3
Anime Studio Debut 6.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audio User's Guide
AVG 2012
AVG Free 9.0
Bing Maps 3D
Bonjour
Broadcom Advanced Control Suite 2
CarChip 2.3.3
Combat Arms
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Copy
Creative MediaSource
CreativeProjects
Cypress USB Mass Storage Driver Installation
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Networking Guide
Digital Line Detect
Director
DocProc
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD43 v4.6.0
Epson Event Manager
EPSON NX420 Series Printer Uninstall
EPSON Scan
EpsonNet Print
EpsonNet Setup 3.2
Fax
Garmin USB Drivers
Garmin WebUpdater
GdiplusUpgrade
Glary Utilities 2.40.0.1326
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HandBrake 0.9.5
Hauppauge WinTV2000
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
hpmdtab
HPSystemDiagnostics
HyperCam 2
Icy Tower v1.3.1
IHA_MessageCenter
ImgBurn
InstantShare
Intel Application Accelerator
Internet Explorer Default Page
IObit Malware Fighter
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 24
Logitech MouseWare 9.77
Malwarebytes' Anti-Malware version 1.51.2.1300
Memeo Instant Backup
Memories Disc Creator 2.0
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Modem Helper
Mozilla Firefox (3.6.24)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multi-Card Reader & Flash Disk
NETGEAR WG111v2 wireless USB 2.0 adapter
Nexon Game Manager
NVIDIA Drivers
NVIDIA PhysX v8.10.13
Octoshape add-in for Adobe Flash Player
overland
Oxelon Media Converter 1.1
Palm Desktop
Palm VersaMail(tm)
Pando Media Booster
Photo Click
Photo Story 3 for Windows
PhotoGallery
PowerDVD 5.3
Precision Link 2.6
PrintScreen
QFolder
QuickProjects
QuickTime
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Rhapsody
Rhapsody Player Engine
Roll
Safari
Scan
Seagate Dashboard
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SereneScene Marine Aquarium 2
SkinsHP1
SkinsHP2
Skype™ 4.1
Sonic DLA
Sound Blaster Audigy 2 ZS
SoundMAX
TrayApp
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wpaiper
TurboTax 2008 wrapper
TurboTax 2009
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wpaiper
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 wiliper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wmniper
TurboTax 2010 wpaiper
TurboTax 2010 wrapper
TurboTax Deluxe 2004
TurboTax Deluxe 2005
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Card Reader
USB Storage Adapter FX (SM1)
VC 9.0 Runtime
Ventrilo Client
Verizon Help and Support Tool
Viewpoint Media Player
Virtools 3D Life Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Vuze
Vuze Remote Toolbar
Vz In Home Agent
WebFldrs XP
WebReg
WexTech AnswerWorks
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 4.01 (32-bit)
WordPerfect Office 12
Yahoo! Internet Mail
Yahoo! Software Update
Yahoo! Toolbar
ZoneAlarm Spy Blocker
.
==== Event Viewer Messages From Past Week ========
.
12/18/2011 7:37:25 PM, error: System Error [1003] - Error code 10000050, parameter1 e5463000, parameter2 00000000, parameter3 ad5a9e9a, parameter4 00000001.
12/18/2011 7:30:53 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
12/16/2011 6:17:45 PM, error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
12/16/2011 6:17:11 PM, error: Print [23] - Printer Dell Photo Printer 720,0 failed to initialize because a suitable Dell Photo Printer 720 driver could not be found.
.
==== End Of File ===========================
 
Welcome to TechSpot! I'll make a deal with you> I'll get those icons and programs back if you share with me what kind of popups you got! There are several different malware programs around now that hide these things. The fixes are not all the same!!
=========================================
Please read all of this reply before you begin.
=========================================
Download Unhide.exe and save to the desktop.
  • Double-click on Unhide.exe icon to run the program.
  • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
Note: This does not remove the malware itself - only the attribute that is causing the icons and programs to be 'missing' - so even if you get them back, please continue on with the cleaning.
=================================
I'd like you to run Combofix. You will have to uninstall AVG temporarily as Combofix won't run with it on the system. Please follow this:

Download AppRemover and save to the desktop
  1. Double click the setup on the desktop> click Next
  2. Select “Remove Security Application”
  3. Let scan finish to determine security apps
  4. A screen like below will appear:
    [screenshot]
  5. Click on Next after choice has been made
  6. Check the AVG program you want to uninstall
  7. After uninstall shows complete, follow online prompts to Exit the program.

Temporary AV: Use one:
Avira-AntiVir-Personal-Free-Antivirus
Avast Free Version
=============================
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    ***Please note: if you have downloaded Combofix to a flash drive, then run it on the infected machine> the Recovery Console will not install- just bypass and go on.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=============================================
I would also like you to Update and rescan with Malwarebytes:
Note: On the Scanner tab, make sure the Perform Full Scan option is selected and then click on the Scan button.

When scan has finished, you will see this image:
[screenshot]

  • Click on OK to close box and continue.
  • Click on the Show Results button.
  • Click on the Remove Selected button to remove all the listed malware.
  • At end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
=================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
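As an added example, not code from this thread and not Unhide.exe itself: a PowerShell script that does a narrower version of the Unhide step above, clearing only the Hidden attribute on items under the desktop and Start Menu folders rather than every file on every drive. Paths assume the Windows XP profile layout, the `$legitHidden` list and `-WhatIf` dry run are this example's own additions, and, like Unhide, it restores visibility only and removes nothing that set the attribute.

```powershell
# Added example (not from the thread or from Unhide.exe): report and clear the
# Hidden (+H) attribute that rogue-antivirus families set on desktop icons and
# Start Menu entries so the user profile looks empty.
# Assumptions: Windows XP profile layout (All Users under $env:ALLUSERSPROFILE),
# run as the affected user. Use -WhatIf to list items without changing anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Only the locations behind the symptoms in this thread: desktop and Start Menu.
    [string[]] $Roots = @(
        [Environment]::GetFolderPath('DesktopDirectory'),
        [Environment]::GetFolderPath('StartMenu'),
        (Join-Path $env:ALLUSERSPROFILE 'Desktop'),
        (Join-Path $env:ALLUSERSPROFILE 'Start Menu')
    )
)

# Files Windows keeps hidden on purpose; never touch these (constructed list).
$legitHidden = @('desktop.ini', 'thumbs.db', 'ntuser.dat')

function Get-SuspectHiddenItem {
    param([string[]] $Paths)
    foreach ($root in $Paths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        Get-ChildItem -LiteralPath $root -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                # Hidden but not System: shortcuts and folders, not OS metadata files.
                (($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0) -and
                (($_.Attributes -band [IO.FileAttributes]::System) -eq 0) -and
                ($legitHidden -notcontains $_.Name.ToLower())
            }
    }
}

$suspects = @(Get-SuspectHiddenItem -Paths $Roots)
Write-Host ("Found {0} hidden item(s) under the desktop and Start Menu folders." -f $suspects.Count)

foreach ($item in $suspects) {
    # Clear just the Hidden bit; every other attribute is left as it was.
    if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
        $item.Attributes = $item.Attributes -bxor [IO.FileAttributes]::Hidden
        Write-Host ("unhidden: {0}" -f $item.FullName)
    }
}
```

Run it once per affected account (the log shows profiles for Larry, Sam and Matthew); a non-zero count after cleaning is a reason to keep going with the scans the helper lists, since the attribute is a symptom, not the infection.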
 
Hi Bobbye, and thanks for the help. Unfortunately, I can't tell you anything about the popups. It all happened to my son while I was out of town and when I returned, it was all I could do to get things going by running Malwarebytes Anti-Malware in safe mode, which took care of the popups. Sorry.

I did follow your instructions. Here are the ComboFix and Malwarebytes logs:


ComboFix 11-12-20.04 - Larry 12/20/2011 12:36:58.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.1999 [GMT -5:00]
Running from: c:\documents and settings\Larry\My Documents\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\-1191547543
c:\documents and settings\All Users\Application Data\DragToDiscUserNameE.txt
c:\documents and settings\All Users\Application Data\i81nxoYQ8US7nl
c:\documents and settings\All Users\Application Data\KDih5DWlBc4o0I
c:\documents and settings\Larry\g2mdlhlpx.exe
c:\documents and settings\Larry\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Larry\WINDOWS
c:\documents and settings\Sam\WINDOWS
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\dasetup.log
c:\windows\Downloaded Installations\BMP
c:\windows\Downloaded Installations\BMP\{EA2E6144-0834-4704-915A-AF9FDB0D73CA}\0x0409.ini
c:\windows\Downloaded Installations\BMP\{EA2E6144-0834-4704-915A-AF9FDB0D73CA}\1033.MST
c:\windows\Downloaded Installations\BMP\{EA2E6144-0834-4704-915A-AF9FDB0D73CA}\BACS.msi
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\DC120fc7_32.dll
c:\windows\system32\SET21.tmp
c:\windows\system32\twain.dll
G:\Autorun.inf
G:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-11-20 to 2011-12-20 )))))))))))))))))))))))))))))))
.
.
2011-12-20 16:13 . 2011-12-20 16:15 -------- d-----w- c:\windows\LastGood
2011-12-11 21:02 . 2011-12-11 21:05 -------- d-----w- c:\documents and settings\Matthew\Application Data\IObit
2011-12-11 03:34 . 2011-12-10 14:38 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-06 02:05 . 2011-12-10 07:13 -------- d-----w- c:\documents and settings\Administrator
2011-11-25 23:23 . 2011-11-25 23:23 -------- d-----w- c:\documents and settings\Larry\Application Data\Garmin
2011-11-25 23:23 . 2011-11-25 23:23 -------- d-----w- c:\program files\DIFX
2011-11-25 23:23 . 2011-11-25 23:23 -------- d-----w- c:\program files\Garmin
2011-11-25 16:41 . 2011-11-25 16:41 -------- d-----w- c:\documents and settings\Larry\.swt
2011-11-25 16:37 . 2011-11-25 16:37 -------- d-----w- c:\program files\Vuze
2011-11-25 16:37 . 2011-11-25 16:37 -------- d-----w- c:\documents and settings\Larry\Local Settings\Application Data\Vuze_Remote
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-16 23:43 . 2004-08-04 11:00 26112 ----a-w- c:\windows\system32\userinit.exe
2011-12-10 14:38 . 2010-11-28 01:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-23 13:25 . 2004-08-04 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-04 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 17:06 . 2009-02-27 23:27 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-02 19:48 . 2011-11-02 19:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-11-01 16:07 . 2004-08-04 11:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 1980-01-01 06:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 1980-01-01 06:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-16 18:47 . 2011-05-18 01:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-08-04 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-04 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 15:41 . 2004-08-04 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 15:41 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2003-08-27 19:19 . 2004-12-19 22:13 36963 ------w- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 08:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuze.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuze.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-05-16 19968]
"IAAnotif"="c:\program files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 135168]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTHelper"="CTHELPER.EXE" [2004-03-11 28672]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"Dit"="Dit.exe" [2003-04-22 61440]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2010-03-17 1565696]
"nwiz"="nwiz.exe" [2008-12-25 1657376]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-06-11 273544]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-12-19 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 237568]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:!Documents and Settings!Larry!Local Settings!Application Data!Google!Chrome!User Data_service_run
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-09 05:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 07:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-08-24 00:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 15:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 18:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 03:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2011-06-11 18:48 490112 ----a-w- c:\program files\Real\realplayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 19:20 94208 ----a-r- c:\windows\SM1bg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-29 18:49 249064 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\documents and settings\Matthew\Desktop\Combat Arms\CombatArms.exe"= c:\documents and settings\Matthew\Desktop\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Documents and Settings\\Matthew\\Desktop\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Matthew\\Desktop\\Combat Arms\\Engine.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57888:TCP"= 57888:TCP:pando Media Booster
"57888:UDP"= 57888:UDP:pando Media Booster
"58795:TCP"= 58795:TCP:pando Media Booster
"58795:UDP"= 58795:UDP:pando Media Booster
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"58684:TCP"= 58684:TCP:pando Media Booster
"58684:UDP"= 58684:UDP:pando Media Booster
.
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2/27/2009 6:27 PM 64512]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 286736]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/13/2011 10:33 PM 820568]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [1/24/2011 1:35 PM 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [9/9/2008 6:07 PM 24652]
R3 HCW848NT;Hauppauge Win/TV;c:\windows\SYSTEM32\DRIVERS\hcw848nt.sys [12/18/2004 2:46 PM 140440]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
R4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys --> c:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys --> c:\windows\system32\DRIVERS\AVGIDSShim.Sys [?]
R4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys --> c:\windows\system32\DRIVERS\avgrkx86.sys [?]
R4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 8:59 AM 135664]
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\SYSTEM32\DRIVERS\avcuwfl.sys [7/2/2006 8:28 PM 18644]
S3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\SYSTEM32\DRIVERS\avcuwilo.sys [7/2/2006 8:46 PM 51166]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\DNINDIS5.sys [4/23/2009 9:11 AM 17149]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 8:59 AM 135664]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [11/3/2011 12:06 PM 15232]
S3 pmxscan;Visioneer USB Kernel;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [12/27/2004 6:08 PM 15104]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\wg111v2.sys [4/23/2009 9:05 AM 272128]
S3 USBSAMP;Link based USB Mass Storage Driver;c:\windows\SYSTEM32\DRIVERS\ONSTOR2K.SYS [1/12/2005 5:09 PM 33754]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [12/11/2011 4:05 PM 239472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2011-12-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2011-12-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-11-16 14:50]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:58]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:58]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224206037-3237532726-2221067861-1007Core.job
- c:\documents and settings\Liz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 08:32]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224206037-3237532726-2221067861-1007UA.job
- c:\documents and settings\Liz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 08:32]
.
2009-07-10 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-07-09 18:09]
.
2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Linked&In Search
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.cmphotocenter.com/is/DragDropUploader.cab
FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\3l0ipfxb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\AVG\AVG10\Firefox
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: Vuze Remote Community Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - %profile%\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-RunOnce-AppRemover - wscript.exe c:\docume~1\Larry\LOCALS~1\Temp\AppRemover_RunBatchSilently.vbs
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-Google Update - c:\documents and settings\Larry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
MSConfigStartUp-Norton SystemWorks - c:\program files\Norton SystemWorks\cfgwiz.exe
MSConfigStartUp-RoxioDragToDisc - c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-20 12:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,cd,54,7e,74,85,2f,4f,8b,70,94,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,cd,54,7e,74,85,2f,4f,8b,70,94,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\05\19\10&\07?"
.
Completion time: 2011-12-20 13:00:55
ComboFix-quarantined-files.txt 2011-12-20 18:00
.
Pre-Run: 154,571,759,616 bytes free
Post-Run: 162,467,037,184 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 39ED3FAC63554D81DEEF344900820642



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8403

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/20/2011 9:59:12 PM
mbam-log-2011-12-20 (21-59-12).txt

Scan type: Full scan (C:\|G:\|)
Objects scanned: 513102
Time elapsed: 8 hour(s), 26 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Okay- so you would be 'Larry' and 'Sam' would be son? I will be writing some script for removals that will be run through Combofix. I'm going to take a lunch break now and will be back later to review the logs.

There is a deletion in Combofix that indicated an infected flash drive may have been used. If Drive G is a removable drive, it needs to be disinfected: These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

Please disinfect all movable drives
  1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware; you can safely ignore these warnings.
  3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  4. Wait until it has finished scanning and then exit the program.
  5. Reboot your computer when done.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
=================
Tell me if you got the 'missing' icons and programs back.
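The note above describes the defence Flash_Disinfector leaves behind: a folder named autorun.inf at the root of each partition and USB drive, occupying the name so a worm cannot drop its own autorun.inf file there. As an added example (not Flash_Disinfector's or sUBs' code, and not part of this thread), the Python script below audits a drive root and reports which of the three states it is in: no autorun.inf at all, the protective folder, or an autorun.inf file, in which case it lists the launch directives the file carries. The three sample roots are constructed in a temporary directory and the "payload.exe" name is a placeholder, so the script runs anywhere without touching real drives.

```python
"""
Audit the autorun.inf entry at a drive root (added example; not Flash_Disinfector's
or sUBs' code). Autorun worms spread by dropping an autorun.inf FILE at the root
of a removable drive; the protective measure described above occupies that name
with a FOLDER instead, so the worm's file cannot be created. This script reports
which of the three states a root is in. Drive roots are passed as paths; the sample
roots below are constructed in a temporary directory so it runs anywhere.
"""
import os
import re
import tempfile

# [autorun] directives that launch something when the drive is opened.
# Matches "open=", "shellexecute=" and "shell\<verb>\command=" (case-insensitive).
LAUNCH_RE = re.compile(r"^\s*(open|shellexecute|shell\\[^\\=]+\\command)\s*=\s*(.+?)\s*$", re.I)


def audit_drive_root(root: str) -> dict:
    """Classify <root>\\autorun.inf as missing, protective-folder or autorun-file."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return {"root": root, "state": "missing", "launches": []}
    if os.path.isdir(path):
        # A directory occupying the name is the vaccinated state.
        return {"root": root, "state": "protective-folder", "launches": []}
    launches = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            m = LAUNCH_RE.match(line)
            if m:
                launches.append(m.group(2))
    return {"root": root, "state": "autorun-file", "launches": launches}


def build_sample_roots(base: str) -> dict:
    """Constructed sample: three drive roots under <base> (not real drives)."""
    clean = os.path.join(base, "clean")
    os.makedirs(clean)
    vaccinated = os.path.join(base, "vaccinated")
    os.makedirs(os.path.join(vaccinated, "autorun.inf"))  # folder, not file
    suspect = os.path.join(base, "suspect")
    os.makedirs(suspect)
    with open(os.path.join(suspect, "autorun.inf"), "w") as fh:
        # Constructed content in the [autorun] format; "payload.exe" is a placeholder name.
        fh.write("[autorun]\nopen=payload.exe\nshell\\open\\command=payload.exe\nicon=payload.exe,0\n")
    return {"clean": clean, "vaccinated": vaccinated, "suspect": suspect}


def run_audit() -> dict:
    """Build the sample roots and audit each; returns {name: audit result}."""
    base = tempfile.mkdtemp(prefix="autorun-audit-")
    roots = build_sample_roots(base)
    return {name: audit_drive_root(path) for name, path in roots.items()}


if __name__ == "__main__":
    for name, result in run_audit().items():
        print(f"{name:10s} {result['state']:18s} {result['launches']}")
```

On a real machine you would call audit_drive_root() with each drive root (for example "G:\\") instead of the constructed sample; an "autorun-file" result on a removable drive is the state the disinfector is meant to prevent, and the listed launch targets tell you what the file would have started.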
 
Hi Robbye,

Yes, I'm Larry, Sam is my son, and "G" is an external Seagate backup drive

I ran Flash_Disinfector. I didn't plug any flash drive in and assumed it would disinfect "G" but the screen didn't go blank, it only took a few seconds, and didn't indicate it was cleaning "G" (or anything for that matter). Is this normal or did I miss something?

Thanks again.

Larry
 
Holiday Notice! I will not be working on the threads Sat. Dec. 24 or Sunday Dec. 25. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that. Please do not send a PM during those days.
--------------------------------
If you have any doubt, you can run this disinfector:
  • Please download Panda USB Vaccine (you must provide a valid e-mail and they will send you a download link to this e-mail address) to your desktop.
  • Install and run it.
  • Plug in USB drive and click on Vaccinate USB and Vaccinate computer.
 
Hi and hope you had a good few days off.

Ran Panda Vaccine. Seemed to work as it asks to vaccinate all flash drives I plug in. A good thing!

Larry
 
I did thank you. I hope your weekend was nice.

Please share with me what problems have been resolved since you ran the scans.

Some of the removals in Combofix for 3kebook.ini and akebook.ini are hidden files that install with the Probot SE keylogger by NetHunter Group.
This program is designed to track what is done on a standalone computer or a networked workstation. It runs in stealth mode so the user can't tell that the program is running. This sort of tool has legitimate uses such as a company keeping an eye on what employees are doing. If installed for this purpose, these files are safe.

From what I could find on Safe Sites for this program, it is not something found at the local software store. In fact, it looks like the group is in Cyprus.

Since this is your home computer used by 3 family members, unless one of the parents has installed this to track the young one, this is not a good thing. Please let me know if the program was installed intentionally.
=====================================
New Holiday Notice! I will not be working on the threads Sat. Dec. 31 or Sunday Jan. 1. I will begin with the oldest threads first on Monday. I will do my best to get you finished or as far along as I can before that.

Please do not send a PM during those days.
 
Actually, I think I did install that a while back but it has long outlived its usefulness. Don't remember exactly when I installed it but it was a few years ago and I'm sure I downloaded it through CNET (if that makes a difference).

Thanks.

LL
 
Hi, I can't find any evidence of it. It won't open (not found), logs won't open (not found), search turns up nothing. Can it be that one of the earlier scans removed it?

Suggestions?

LL
 
My apology Larry- I am so incredibly behind!

You are slow for several reasons:
  1. You have an excess of unnecessary programs or processes on Startup. They start on boot and run in the background, using system resources. For example, none of these need to start on boot: Printers, Media Players, Java, Adobe, Games
  2. You have an excess of Addons: 23 ActiveX Objects in IE.
  3. You have an excess of Firefox addons: Plugins (19), Components (14) and Extensions (7)
  4. You have multiple old versions of Java (4) and do not have the current version. The best way to handle that is to run the following: Note: I do not want this log!
    Please download JavaRa and unzip it to your desktop.
    Important!***Please close any instances of Internet Explorer before continuing!***
    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location. Note: Do not leave this log.
    Download and install the most current version and update of Java Runtime Environment (JRE) HERE.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    =====================================
  5. You have an excess of Scheduled Tasks: Take a look at them, and stop most:
    Opening scheduled tasks to modify or delete them:
    Click on Start> All Programs> Accessories> System Tools> Scheduled Tasks.
    [o] To delete a task> right-click the task> click Delete.
    c:\windows\Tasks\RealUpgradeLogonTask ( 3 tasks set)
    c:\windows\Tasks\RealUpgradeScheduledTasks (3 tasks set)
    c:\windows\Tasks\GlaryInitialize
    ======================================
  6. You had/have 4 antivirus processes running: Norton, McAfee, AVG, AdWatch AV. Not only is this 3 too many AV, but it makes the system more vulnerable and slows it down. Anytime you want to change the AV, you should run the uninstaller for the program and delete the program folder.
======================================
It would be interesting to know how much RAM is installed. No matter how much malware is removed, if the above excesses are stopped, your system is going to be slow.

Please go on to next reply.
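The point about scheduled tasks above comes straight from the "Contents of the 'Scheduled Tasks' folder" section of the ComboFix log, where the same binary shows up once per user account. As an added example (not ComboFix's code and not part of this thread), the Python script below reads that section in ComboFix's own layout, groups tasks by the binary they launch, counts jobs that are registered once per account (names carrying an S-1-5-21 SID), and lists any target that lives outside Program Files and Windows, which is a reason to look twice, not proof of anything. The sample is a constructed, abridged copy of the entries from the log earlier in this thread.

```python
"""
Triage the 'Scheduled Tasks' section of a ComboFix log (added example; not
ComboFix's or this thread's code). Groups tasks by the binary they launch,
counts tasks registered once per user account (job names carrying an
S-1-5-21-... SID), and lists targets outside Program Files and Windows.
"""
import re
from collections import Counter

# Constructed sample: a subset of the Scheduled Tasks entries from the ComboFix
# log posted above, in ComboFix's own layout ("." is its spacer line).
SAMPLE_TASKS = r"""2011-12-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2011-12-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-11-16 14:50]
.
2011-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:58]
.
2011-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-224206037-3237532726-2221067861-1007Core.job
- c:\documents and settings\Liz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-06 08:32]
.
2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2011-12-17 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
"""

JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (.+\.job)$", re.I)          # "<date> <path>.job"
TARGET_RE = re.compile(r"^- (.+?) \[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]$")  # "- <target> [<date>]"
SID_RE = re.compile(r"^(.*?)S-1-5-21-[\d-]+(.*)\.job$", re.I)          # job name with a user SID
SYSTEM_PREFIXES = ("c:\\program files\\", "c:\\windows\\")


def parse_scheduled_tasks(text: str) -> list:
    """Pair each '<date> <path>.job' line with the '- <target> [<date>]' line after it."""
    lines = text.splitlines()
    tasks = []
    for i, line in enumerate(lines):
        m = JOB_RE.match(line.strip())
        if not m:
            continue
        entry = {"date": m.group(1), "job": m.group(2), "target": None, "target_date": None}
        if i + 1 < len(lines):
            t = TARGET_RE.match(lines[i + 1].strip())
            if t:
                entry["target"], entry["target_date"] = t.group(1), t.group(2)
        tasks.append(entry)
    return tasks


def tasks_by_binary(tasks) -> Counter:
    """How many tasks launch each executable (by lower-cased file name)."""
    return Counter(t["target"].rsplit("\\", 1)[-1].lower() for t in tasks if t["target"])


def per_account_duplicates(tasks) -> Counter:
    """Count jobs whose name embeds a user SID, keyed by the name with the SID removed."""
    counts = Counter()
    for t in tasks:
        m = SID_RE.match(t["job"].rsplit("\\", 1)[-1])
        if m:
            counts[m.group(1) + m.group(2)] += 1
    return counts


def targets_outside_system_dirs(tasks) -> list:
    """Targets not under Program Files or Windows: worth a second look, not proof of anything."""
    return [t["target"] for t in tasks
            if t["target"] and not t["target"].lower().startswith(SYSTEM_PREFIXES)]


def triage(text: str) -> dict:
    tasks = parse_scheduled_tasks(text)
    return {
        "task_count": len(tasks),
        "by_binary": tasks_by_binary(tasks),
        "per_account": per_account_duplicates(tasks),
        "outside_system_dirs": targets_outside_system_dirs(tasks),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TASKS).items():
        print(f"{key}: {value}")
```

To use it on your own log, paste the lines between "Contents of the 'Scheduled Tasks' folder" and the next section header in place of the sample; the per-account counter is what turns fifteen look-alike entries into "RealUpgrade is registered for three accounts", which is the question to take to the Scheduled Tasks window.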
 
When finished with previous reply, please do the following:

1. To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
    [image: esetonlinescannersettings_thumb.jpg]
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
==========================================
2. Download CKScanner and save to your desktop.
  • Doubleclick CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
=====================================
3. Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\program files\viewpoint\common\ViewpointService.exe
DDS::
c:\program files\Vuze
c:\documents and settings\Larry\Local Settings\Application Data\Vuze_Remote
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {BB670D0B-5C46-40C7-B38B-40DD26987723} - No File
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
{85e0b171-04fa-11d1-b7da-00a0c90348d6}
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Linked&In Search
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
Clearjavacache::
Driver::
Viewpoint Manager Service
FCopy::
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
Please leave logs in next reply.
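A CFScript like the one above is a list of deletions that ComboFix carries out without further confirmation, so it pays to read it back before dragging it onto ComboFix.exe. As an added example (not ComboFix's or sUBs' code, and not part of this thread), the Python script below splits a CFScript into its sections, summarises what the File::, Registry:: and Driver:: sections would remove, and flags Registry:: lines that are neither a [key] nor a "name"=value entry. The section names are only the ones that appear in the post above; the Registry:: section is read in .reg syntax, where "name"=- deletes a value, [-key] deletes a key and a bare [key] only names one. The sample is a constructed, abridged copy of the script above in which one key line deliberately carries a stray trailing period so the lint pass has something to catch.

```python
"""
Parse and sanity-check a ComboFix CFScript before it is run (added example; not
ComboFix's or sUBs' code). Section names are those seen in the post above:
File::, DDS::, Registry::, Clearjavacache::, Driver::, FCopy::. The Registry::
section uses .reg syntax: "name"=- deletes a value, [-key] deletes a key, and a
bare [key] only names a key. The sample below is constructed and abridged, with
one deliberately malformed line (a stray trailing period) for the lint pass.
"""
import re

SAMPLE_CFSCRIPT = r"""File::
c:\program files\viewpoint\common\ViewpointService.exe
DDS::
c:\program files\Vuze
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\prxtbVuze.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}].
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"=-
Clearjavacache::
Driver::
Viewpoint Manager Service
FCopy::
"""

SECTION_RE = re.compile(r"^[A-Za-z]+::$")           # e.g. "Registry::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")               # "[key]" or "[-key]"
VALUE_RE = re.compile(r'^(?:"[^"]*"|@)=(.*)$')       # "name"=data, @=data, "name"=-


def parse_cfscript(text: str) -> dict:
    """Split the script into {section_name: [lines]}; blank lines are ignored."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if SECTION_RE.match(line):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections


def summarize_registry(lines) -> dict:
    """Keys named, keys deleted ([-key]), values deleted ("name"=-), plus lint warnings."""
    keys, key_deletes, value_deletes, warnings = [], [], [], []
    current_key = None
    for line in lines:
        k = KEY_RE.match(line)
        v = VALUE_RE.match(line)
        if k:
            current_key = k.group(2)
            (key_deletes if k.group(1) else keys).append(current_key)
        elif v:
            if v.group(1) == "-":
                value_deletes.append((current_key, line.split("=", 1)[0].strip('"')))
        else:
            warnings.append(f'malformed Registry:: line (not a [key] or "name"=value): {line}')
    return {"keys": keys, "key_deletes": key_deletes,
            "value_deletes": value_deletes, "warnings": warnings}


def summarize_cfscript(text: str) -> dict:
    """One dict a reviewer can read before running the script."""
    s = parse_cfscript(text)
    reg = summarize_registry(s.get("Registry", []))
    return {
        "sections": list(s),
        "files": s.get("File", []),
        "dds_lines": len(s.get("DDS", [])),
        "registry": {k: reg[k] for k in ("keys", "key_deletes", "value_deletes")},
        "drivers": s.get("Driver", []),
        "warnings": reg["warnings"],
    }


if __name__ == "__main__":
    for key, value in summarize_cfscript(SAMPLE_CFSCRIPT).items():
        print(f"{key}: {value}")
```

Run against the full script from the post, the summary shows exactly one file and one service slated for removal and two toolbar/search-hook values deleted under their keys; a warning on a Registry:: line means that line will not do what the author intended and should be corrected before the script is dropped onto ComboFix.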
 
Hi Bobbye,

No need to apologize for any delay. It was a few days and just wanted to know if we were finished or not (apparently not).

OK, here's what I've done:

1. Disabled most startup programs and processes.
2. Disabled most Firefox and IE addons, plugins, components, and extensions.
3. Ran JavaRa, deleted old versions, and downloaded the most current version of Java.
4. Disabled almost all scheduled tasks.
5. Couldn't find McAfee or Norton in my programs, startup, or Control Panel Add/Delete programs but deleted their respective folders (any suggestions as to how to get rid of these would be appreciated).
6. Disabled AdWatch Live (left AVG AV alone).
7. System is running 3.0GB RAM. Max is 4.0 (old system), should I go for it? It's certainly cheap enough.
8. Ran ESETOnline. It didn't find anything and therefore didn't produce a log.
9. Ran CKScanner - Log (CKFILES.TXT) posted below.
10. Dragged CFScript into ComboFix and ran it - Log (COMBOFIX010712.TXT) posted below.

Once again, I thank you for all you've done.

* * * * *

CKFILES.TXT>>>> Edit by Bobbye> there is no log for this

2nd Edit: Copy of the script (COMBOFIX010712.TXT pasted into this reply after running) has been removed by Bobbye to prevent confusion.
------=---------------------

ComboFix 12-01-06.03 - Larry 01/07/2012 13:10:03.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2158 [GMT -5:00]
Running from: c:\documents and settings\Larry\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Larry\Desktop\cfscript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
FILE ::
"c:\program files\viewpoint\common\ViewpointService.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\adobe\reader 9.0\reader\Reader_sl.exe
c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
c:\program files\hp\digital imaging\bin\hpqtra08.exe
c:\program files\real\realplayer\update\realsched.exe
c:\program files\viewpoint\common\ViewpointService.exe
c:\program files\yahoo!\companion\installs\cpn2\yt.dll
c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_Viewpoint Manager Service
.
.
((((((((((((((((((((((((( Files Created from 2011-12-07 to 2012-01-07 )))))))))))))))))))))))))))))))
.
.
2012-01-07 04:15 . 2012-01-07 04:15 -------- d-----w- c:\program files\ESET
2012-01-04 00:44 . 2012-01-04 00:44 65536 ----a-r- c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
2012-01-04 00:44 . 2012-01-04 00:44 65536 ----a-r- c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
2012-01-04 00:44 . 2012-01-04 00:44 65536 ----a-r- c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\ARPPRODUCTICON.exe
2011-12-26 04:33 . 2011-12-26 04:33 -------- d-----w- c:\program files\LightScribe
2011-12-26 04:31 . 2011-12-26 04:31 -------- d-----w- c:\program files\LightScribe Template Labeler
2011-12-26 04:29 . 2011-12-26 04:29 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2011-12-26 04:27 . 2011-12-26 04:28 -------- d-----w- c:\program files\Common Files\LightScribe
2011-12-23 13:24 . 2011-12-23 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2011-12-23 13:24 . 2011-12-23 13:24 -------- d-----w- c:\program files\Panda USB Vaccine
2011-12-20 18:19 . 2012-01-07 13:54 -------- d-----w- c:\windows\system32\drivers\AVG
2011-12-11 21:02 . 2011-12-11 21:05 -------- d-----w- c:\documents and settings\Matthew\Application Data\IObit
2011-12-11 03:34 . 2011-12-10 14:38 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-12-10 07:13 . 2011-12-10 07:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-07 03:47 . 2011-03-14 18:02 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-07 03:47 . 2008-09-16 19:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-16 23:43 . 2004-08-04 11:00 26112 ----a-w- c:\windows\system32\userinit.exe
2011-12-10 14:38 . 2010-11-28 01:04 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-23 13:25 . 2004-08-04 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2004-08-04 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 17:06 . 2009-02-27 23:27 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-11-02 19:48 . 2011-11-02 19:48 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-11-01 16:07 . 2004-08-04 11:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 1980-01-01 06:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 1980-01-01 06:00 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 11:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-16 18:47 . 2011-05-18 01:28 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-10 14:22 . 2004-08-04 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2003-08-27 19:19 . 2004-12-19 22:13 36963 ------w- c:\program files\Common Files\SM1updtr.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-20_17.52.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 06:07 . 2009-07-12 06:07 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll
+ 2009-07-12 06:19 . 2009-07-12 06:19 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll
+ 2012-01-07 04:28 . 2012-01-07 04:28 16384 c:\windows\Temp\Perflib_Perfdata_958.dat
+ 2012-01-07 18:21 . 2012-01-07 18:21 16384 c:\windows\Temp\Perflib_Perfdata_7b8.dat
+ 2011-09-13 11:30 . 2011-09-13 11:30 32592 c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys
+ 2011-08-08 11:08 . 2011-08-08 11:08 40016 c:\windows\SYSTEM32\DRIVERS\avgmfx86.sys
+ 2011-10-04 11:21 . 2011-10-04 11:21 16720 c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys
+ 2011-07-11 06:14 . 2011-07-11 06:14 24272 c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys
+ 2011-07-11 06:14 . 2011-07-11 06:14 23120 c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys
- 2004-12-18 03:22 . 2011-12-11 21:02 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-12-18 03:22 . 2012-01-07 18:00 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-12-18 03:22 . 2012-01-07 18:00 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-12-18 03:22 . 2011-12-11 21:02 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-12-20 18:18 . 2012-01-07 18:00 16384 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2012-01-04 00:45 . 2012-01-04 00:45 81920 c:\windows\Installer\{95468B00-C081-4B27-AC96-0A2A31359E60}\ARPPRODUCTICON.exe
+ 2012-01-04 00:45 . 2012-01-04 00:45 232912 c:\windows\SYSTEM32\Macromed\Flash\FlashUtil10k_ActiveX.exe
+ 2012-01-04 00:45 . 2012-01-04 00:45 311760 c:\windows\SYSTEM32\Macromed\Flash\FlashUtil10k_ActiveX.dll
+ 2012-01-07 03:47 . 2012-01-07 03:47 157472 c:\windows\SYSTEM32\javaws.exe
- 2011-03-14 18:02 . 2011-03-14 18:02 157472 c:\windows\SYSTEM32\javaws.exe
+ 2012-01-07 03:47 . 2012-01-07 03:47 149280 c:\windows\SYSTEM32\javaw.exe
+ 2012-01-07 03:47 . 2012-01-07 03:47 149280 c:\windows\SYSTEM32\java.exe
+ 2011-07-11 06:14 . 2011-07-11 06:14 295248 c:\windows\SYSTEM32\DRIVERS\avgtdix.sys
+ 2011-10-07 11:23 . 2011-10-07 11:23 230608 c:\windows\SYSTEM32\DRIVERS\avgldx86.sys
+ 2011-07-11 06:14 . 2011-07-11 06:14 134608 c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys
+ 2012-01-07 03:48 . 2012-01-07 03:48 203776 c:\windows\Installer\bb8fbc3.msi
+ 2012-01-07 03:47 . 2012-01-07 03:47 901120 c:\windows\Installer\bb8fbb3.msi
+ 2011-12-26 04:31 . 2011-12-26 04:31 323584 c:\windows\Installer\{83721450-E604-4C37-ABEB-CE7F18C587C8}\NewShortcut1_3BC5BC30773746439FA3047F389574CE.exe
+ 2011-12-26 04:31 . 2011-12-26 04:31 281894 c:\windows\Installer\{83721450-E604-4C37-ABEB-CE7F18C587C8}\ARPPRODUCTICON.exe
+ 2011-12-26 04:33 . 2011-12-26 04:33 323584 c:\windows\Installer\{61F25370-7465-4404-BE28-4629BF808699}\LS_SLW_SHORTCUT_F5B0142B17F14684B6AC6E79EF0C9EFE.exe
+ 2011-12-26 04:33 . 2011-12-26 04:33 281894 c:\windows\Installer\{61F25370-7465-4404-BE28-4629BF808699}\ARPPRODUCTICON.exe
+ 2011-12-26 04:28 . 2011-12-26 04:28 131072 c:\windows\Installer\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}\QuickDemoUrl_E9752251A5AD4678977047FD65566D18.exe
+ 2011-12-26 04:28 . 2011-12-26 04:28 323584 c:\windows\Installer\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}\NewShortcut2_C673DF680CDE41FC9DFBF63D31DE4F28.exe
+ 2011-12-26 04:28 . 2011-12-26 04:28 339968 c:\windows\Installer\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}\NewShortcut1_FE82206EF6124B479F4EDD27A1E056A4.exe
+ 2011-12-26 04:28 . 2011-12-26 04:28 323584 c:\windows\Installer\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}\NewShortcut1_C673DF680CDE41FC9DFBF63D31DE4F28.exe
+ 2011-12-26 04:28 . 2011-12-26 04:28 131072 c:\windows\Installer\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}\LightScribeWebsite_9607541794D946E89D5752F753E35CC4.exe
+ 2011-12-26 04:28 . 2011-12-26 04:28 281894 c:\windows\Installer\{2FA75B40-17C9-4D22-88CA-80A5D52FAB13}\ARPPRODUCTICON.exe
+ 2009-07-12 01:46 . 2009-07-12 01:46 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll
+ 2009-07-12 01:46 . 2009-07-12 01:46 1105920 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll
+ 2011-12-23 14:24 . 2011-12-23 14:24 4683264 c:\windows\Installer\ea11a0d.msi
+ 2011-12-20 18:08 . 2011-12-20 18:08 2186240 c:\windows\Installer\8eb825.msi
+ 2012-01-04 00:45 . 2012-01-04 00:45 1093120 c:\windows\Installer\497eda8d.msi
+ 2012-01-04 00:44 . 2012-01-04 00:44 2992128 c:\windows\Installer\497eda89.msi
+ 2011-12-26 04:33 . 2011-12-26 04:33 1193984 c:\windows\Installer\1bf2880d.msi
+ 2011-12-26 04:31 . 2011-12-26 04:31 1191424 c:\windows\Installer\1bf28808.msi
+ 2011-12-26 04:28 . 2011-12-26 04:28 2344960 c:\windows\Installer\1bf28803.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"Dit"="Dit.exe" [2003-04-22 61440]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
.
c:\documents and settings\Larry\Start Menu\Programs\Startup\
PandaUSBVaccine.lnk - c:\program files\Panda USB Vaccine\USBVaccine.exe [2011-12-23 1287176]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dataviz Messenger.lnk]
backup=c:\windows\pss\Dataviz Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Larry^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2005-09-09 05:18 57344 ----a-w- c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-04-20 16:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 07:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
2004-03-11 15:50 28672 ----a-w- c:\windows\SYSTEM32\CTHELPER.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-08-24 00:19 57344 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-12-03 15:12 976320 ----a-w- c:\program files\Epson Software\Event Manager\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2005-01-12 18:54 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 03:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2004-03-23 18:16 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 22:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2011-06-20 20:07 2736128 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-05-16 15:50 19968 ------w- c:\windows\LOGI_MWX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-12-25 16:08 13680640 ----a-w- c:\windows\SYSTEM32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-12-25 16:08 86016 ----a-w- c:\windows\SYSTEM32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-12-25 16:08 1657376 ----a-w- c:\windows\SYSTEM32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2011-06-11 18:48 490112 ----a-w- c:\program files\Real\realplayer\realplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
2003-08-27 19:20 94208 ----a-r- c:\windows\SM1bg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2004-10-14 19:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\real\realplayer\update\realsched.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
2010-03-17 20:55 1565696 ----a-w- c:\program files\Verizon\McciTrayApp.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\documents and settings\Matthew\Desktop\Combat Arms\CombatArms.exe"= c:\documents and settings\Matthew\Desktop\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\\Documents and Settings\\Matthew\\Desktop\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Matthew\\Desktop\\Combat Arms\\Engine.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57888:TCP"= 57888:TCP:pando Media Booster
"57888:UDP"= 57888:UDP:pando Media Booster
"58795:TCP"= 58795:TCP:pando Media Booster
"58795:UDP"= 58795:UDP:pando Media Booster
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"58684:TCP"= 58684:TCP:pando Media Booster
"58684:UDP"= 58684:UDP:pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\SYSTEM32\DRIVERS\AVGIDSEH.sys [7/11/2011 1:14 AM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys [9/13/2011 6:30 AM 32592]
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [2/27/2009 6:27 PM 64512]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [10/7/2011 6:23 AM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [7/11/2011 1:14 AM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 286736]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [6/13/2011 10:33 PM 820568]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [11/3/2011 12:06 PM 2152152]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [1/24/2011 1:35 PM 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [6/1/2011 11:42 AM 14088]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\SYSTEM32\DRIVERS\AVGIDSDriver.sys [7/11/2011 1:14 AM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\SYSTEM32\DRIVERS\AVGIDSFilter.sys [7/11/2011 1:14 AM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\SYSTEM32\DRIVERS\AVGIDSShim.sys [10/4/2011 6:21 AM 16720]
R3 HCW848NT;Hauppauge Win/TV;c:\windows\SYSTEM32\DRIVERS\hcw848nt.sys [12/18/2004 2:46 PM 140440]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 6:25 AM 4433248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 8:59 AM 135664]
S3 AVC2310F;AVC-2310/AVC-2210 USB Loader;c:\windows\SYSTEM32\DRIVERS\avcuwfl.sys [7/2/2006 8:28 PM 18644]
S3 AvcUWilo;Adaptec AVC-2210/2310 USB Device;c:\windows\SYSTEM32\DRIVERS\avcuwilo.sys [7/2/2006 8:46 PM 51166]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\SYSTEM32\DNINDIS5.sys [4/23/2009 9:11 AM 17149]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/7/2010 8:59 AM 135664]
S3 pmxscan;Visioneer USB Kernel;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [12/27/2004 6:08 PM 15104]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\SYSTEM32\DRIVERS\wg111v2.sys [4/23/2009 9:05 AM 272128]
S3 USBSAMP;Link based USB Mass Storage Driver;c:\windows\SYSTEM32\DRIVERS\ONSTOR2K.SYS [1/12/2005 5:09 PM 33754]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [12/11/2011 4:05 PM 239472]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 20:05 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 08:32 128512 ----a-w- c:\windows\SYSTEM32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 17:06]
.
2012-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-01-07 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2011-11-16 14:50]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:58]
.
2012-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 13:58]
.
2012-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-01-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-224206037-3237532726-2221067861-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-01-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-01-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-01-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-01-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-224206037-3237532726-2221067861-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Linked&In Search
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.cmphotocenter.com/is/DragDropUploader.cab
FF - ProfilePath - c:\documents and settings\Larry\Application Data\Mozilla\Firefox\Profiles\3l0ipfxb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\AVG\AVG2012\Firefox4
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-07 13:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,cd,54,7e,74,85,2f,4f,8b,70,94,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,60,cd,54,7e,74,85,2f,4f,8b,70,94,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\05\19\10&\07?"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2968)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Seagate\Seagate Dashboard\MemeoDashboard.exe
c:\program files\Memeo\AutoBackup\InstantBackup.exe
c:\program files\Memeo\AutoBackup\MemeoUpdater.exe
c:\program files\AVG\AVG2012\avgui.exe
c:\program files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-01-07 13:58:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-07 18:58
ComboFix2.txt 2011-12-20 18:00
.
Pre-Run: 160,161,411,072 bytes free
Post-Run: 160,089,964,544 bytes free
.
- - End Of File - - 274DE94CB66F5B3B860BC7A947C84BF5
 
I'm not really sure what you did above.

4. Disabled almost all scheduled tasks.>> There are still 13 Scheduled Tasks. This is only 1 less than previously.
6. Disabled AdWatch Live (left AVG AV alone).>> Per my reply #3, AVG was to be temporarily uninstalled before running Combofix. AVG is on the system in the current Combofix and AdWatch is also still installed. Do not count on AdWatch for full AV coverage. I left you a choice of 2 AV to choose from while AVG was uninstalled.
7. System is running 3.0GB RAM. Max is 4.0 (old system), should I go for it? It's certainly cheap enough.>> No! Even 3GB is more than you need for Win XP Home. You need to get rid of the trash- not add more RAM!
9. Ran CKScanner - Log (CKFILES.TXT) posted below.>> No log.
You typed "CKScanner" but did not leave anything for it.
10. Dragged CFScript into ComboFix and ran it - Log (COMBOFIX010712.TXT) posted below.
Then it appears that you copied the script from the code box and pasted it in before the Combofix log. That script gets copied into Notepad, then run through Combofix as instructed. I have deleted that copy in the reply.
========================================
Before you go on, please go back to my Reply #3 and follow the AppRemover instructions for AVG. This includes using one of the temporary AV I left. Note, you will still need to disable the new AV when you run Combofix again.

Find and leave the log for the CK Scanner.
Leave AdWatch disabled.
Go back and find those Scheduled Tasks you thought you disabled and disable them.
-------------------------------
Reboot the computer.
------------------------------
30 processes starting on boot>> I have 4: the AV, touchpad for laptop, 2 network processes>>>> Everything you have can be called up from All Programs instead of starting on boot and running in the background. Your 30 = slow!
9 drivers for AVG> 3 are for the anti-rootkit and the rest for the AV
Addons are much better! :)
========================================
With AVG uninstalled and Avast or Avira disabled:
Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe
c:\documents and settings\Larry\Application Data\Microsoft\Installer\{07FF08D2-C0CD-4B02-B9A6-E2E7E5762AA9}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe
c:\program files\Common Files\SM1updtr.dll
c:\windows\SYSTEM32\DRIVERS\avgrkx86.sys
RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
Clearjavacache::
Driver::
Avgrkx86
Save this as CFScript.txt, in the same location as ComboFix.exe
[image: CFScriptB-4.gif]


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
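The helper's count of "30 processes starting on boot" comes from reading the Reg Loading Points section of a log like the one above by hand. The parser below is an added example, not ComboFix's own code or anything from this thread's author; it assumes the line formats visible in the quoted log (Run keys, Startup folder, msconfig startupreg backups, and `R2 name;display;path [date size]` service lines) and runs over a constructed sample built from those lines.

```python
"""Inventory autostart entries from the 'Reg Loading Points' part of a ComboFix log.
Added example, not ComboFix's own code; the line formats below are inferred from
the log quoted in this thread, so the regexes are assumptions about its output."""
import re
from dataclasses import dataclass

# Constructed sample in the format quoted above. Most lines are copied from the
# thread's log; the last service line is made up to exercise the temp-dir check.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-02 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dit"="Dit.exe" [2003-04-22 61440]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2011-12-03 2415456]
.
c:\documents and settings\Larry\Start Menu\Programs\Startup\
PandaUSBVaccine.lnk - c:\program files\Panda USB Vaccine\USBVaccine.exe [2011-12-23 1287176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-07-19 22:29 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 6:09 AM 192776]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
R2 example;Constructed entry;c:\documents and settings\Larry\Local Settings\Temp\updater.exe [1/1/2012 1:00 AM 12345]
"""

RUN_KEY = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$", re.I)
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"(?: \[([^\]]*)\])?$')
MSCONFIG_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\([^\]]+)\]$", re.I)
MSCONFIG_VALUE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \d+ \S+ (.+)$")
STARTUP_DIR = re.compile(r"^[a-z]:\\.*\\Startup\\$", re.I)
STARTUP_ITEM = re.compile(r"^(.+?\.lnk) - (.+?)(?: \[([^\]]*)\])?$", re.I)
# "R2 name;display;path [date size]": R/S = running/stopped, digit = start type
SERVICE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?)(?: \[([^\]]*)\])?$")
PROFILE_DIR = re.compile(r"\\(local settings\\temp|temp|application data|desktop)\\", re.I)


@dataclass
class Entry:
    source: str            # run-key, startup-folder, msconfig-startupreg, service
    name: str
    path: str
    where: str = ""        # registry key, folder, or running/stopped for services
    meta: str = ""         # bracketed tail: "date size", or "?" when no file was found
    start_type: int = -1   # services only: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled


def parse_autostarts(text):
    entries, context = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":          # "." separates blocks in the log
            context = None
            continue
        if m := RUN_KEY.match(line):
            context = ("run-key", m.group(1)); continue
        if m := MSCONFIG_KEY.match(line):
            context = ("msconfig-startupreg", m.group(1)); continue
        if STARTUP_DIR.match(line):
            context = ("startup-folder", line); continue
        if m := SERVICE.match(line):
            state, start, name, _display, path, meta = m.groups()
            entries.append(Entry("service", name, path,
                                 "running" if state == "R" else "stopped",
                                 meta or "", int(start)))
            continue
        if context is None:
            continue
        kind, ctx = context
        if kind == "run-key" and (m := RUN_VALUE.match(line)):
            entries.append(Entry(kind, m.group(1), m.group(2), ctx, m.group(3) or ""))
        elif kind == "startup-folder" and (m := STARTUP_ITEM.match(line)):
            entries.append(Entry(kind, m.group(1), m.group(2), ctx, m.group(3) or ""))
        elif kind == "msconfig-startupreg" and (m := MSCONFIG_VALUE.match(line)):
            entries.append(Entry(kind, ctx, m.group(1), "msconfig\\startupreg"))
    return entries


def audit(entry):
    """Reasons an entry deserves a closer look (a triage hint, not a verdict)."""
    reasons = []
    path = entry.path.replace("\\??\\", "")
    if entry.meta == "?" or " --> " in path:       # ComboFix could not find the file
        reasons.append("file not found on disk")
    if "\\" not in path:                           # e.g. "Dit"="Dit.exe"
        reasons.append("bare filename, resolved via the search path")
    if PROFILE_DIR.search(path):
        reasons.append("runs from a user profile or temp directory")
    return reasons


def summarize(entries):
    """Per-source counts plus how many services are set to start at boot (types 0-2)."""
    counts = {}
    for e in entries:
        counts[e.source] = counts.get(e.source, 0) + 1
    counts["boot-start services"] = sum(
        1 for e in entries if e.source == "service" and e.start_type <= 2)
    return counts
```

Running `summarize(parse_autostarts(SAMPLE_LOG))` on the sample gives three Run-key entries, one Startup-folder item, one msconfig backup and three services, two of which are boot-start; `audit` flags only the bare `Dit.exe`, the missing `EagleXNt.sys` and the constructed temp-directory service.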
 
Update: I went into "services.msc" and changed a bunch of services to manual and disabled a bunch more. Probably still running a number that are unnecessary, but better.

LL
 
Second update: Whenever I want to log off or turn off the computer, I have to do it twice (start > Log Off > Log Off or Start > Turn Off Computer > Turn Off (or Restart)). First time does nothing, second time works fine. Curious...

LL
 
Please use the Edit feature in a Reply when you have only a sentence or few words to add. I get email feedback every time you reply.

About the shutdown- I doubt that has anything to do with the malware- both shutdown and load are directly related to the number of processes to run on the system.

About the Services: you have to be careful when changing Services. Some are absolutely needed. When I discuss Services, here are my comments:
  • Use the recommendations of the Black Viper site
    For Windows XP Home SP3: Black Viper Services for Windows XP Home, SP3
    [o] You need to know what a Service is for.
    [o] You will learn the ones that must be set to Automatic.
    [o] You will learn which can be set to Manual so they only start when needed.
    [o] You will learn that some Services depend on other Services to run> those are the Dependencies.
    [o] You will learn that some Services can be disabled, both for non-use and for safety.
  • I advise working in Services be done in Safe Mode. The main reason is because of the Dependencies. If a Dependency isn't running when you are in Normal Mode, you won't be able to start the Service.
  • I don't advise stopping any 'unknown' Service for all of the above reasons.
=====================================
About entries in the Startup folder and Startup Menu:
None of the following need to start on boot. Programs can be accessed in All Programs when needed.
Start Menu^Programs^Startup Folder
Adobe Gamma Loader.lnk
Dataviz Messenger.lnk
HP Digital Imaging Monitor.lnk
Microsoft Office.lnk
PowerReg Scheduler V3.exe

These are valid programs but none are required to run on startup.
Startup Menu on the msconfig startup:
AdobeARM.exe
Adobe Photo Downloader> apdproxy.exe
c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
c:\program files\CyberLink\PowerDVD\DVDLauncher.exe
c:\program files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
c:\program files\HP\HP Software Update\hpwuSchd2.exe
c:\program files\iTunes\iTunesHelper.exe
c:\program files\QuickTime\QTTask.exe
c:\program files\Real\realplayer\realplay.exe
SM1bg.exe>> USB driver for downloading from within Napster to portable MP3 players >> Set in 2003
C:\WINDOWS\UpdReg.EXE>> Reminder to register Creative Labs SoundBlaster Live! cards (Set in 2000).
=========================================
To remove entries from the Startup Menu using the msconfig utility:
  • Click on Start> Run> type in msconfig> enter>
    [image: msconfig_open_xp.gif]
  • Click on Selective Startup
  • Choose the Startup tab:
    [image: startup_tab_xp.gif]

    All images courtesy NetSquirrel
  • To expand the Command Column, (this shows what the process 'belongs' to) hold left mouse button down on the dividing line on frame above Location and move to the right to expand.
  • Uncheck any processes you do not need to start on boot.
  • Click on Apply> OK when finished.
NOTE:
When you reboot the system the first time after making changes using the msconfig utility, a nag message comes up that can be ignored and closed after checking 'don't show this message again.' Remain in Selective Startup to retain those changes.
 
Regarding your PM, the last reply here was from me- a week ago. I left information regarding the Services and Startup Menu. When you gave no post back, it appeared you had left the thread.

It's been a week and I was just wondering if we're done. If so, can I delete Avira and reinstall AVG (just like it better)? Also, I have a copy (purchased) of Malwarebytes Anti-Malware Pro (real time protection, etc.). Should I install it?

You still have a great number of processes starting on boot.
===================================
If all is well: Removing all of the tools we used and the files and folders they created
  • Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    [image: CF_Uninstall-1.jpg]
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
-----
Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
------------------------------------------
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name> click "Create".
  • Go back and follow the path to > System Tools.
    [o] Choose Disc Cleanup
    [o] Click "OK" to select the partition or drive you want.
    [o] Click the "More Options" Tab.
    [o] Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin

Reinstall AVG. Make sure the Mbam you were using got uninstalled and the program folder deleted. Then install the new version of Mbam.
 