AdWare.Win32.SurfSide [Solved]


#1 HungryMan
Member, 53 posts
I have a computer (given to me) here. It has a C and D drive, both with Windows installed; D will not boot. I have done most of the stuff I was instructed to do to my last computer I posted here about. I have logs and will paste them so the top is the first thing done and the bottom is the last.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>



ComboFix 09-07-27.02 - Ceryn 07/27/2009 20:35.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.665 [GMT -5:00]
Running from: c:\documents and settings\Ceryn\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\COMMON~1\{447E8~1
c:\program files\Common Files\mcroso~1.net
c:\program files\cowabanga
c:\program files\cowabanga\License.txt
c:\program files\inetget2
c:\windows\system32\wtsit.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-28 01:18 . 2009-07-28 01:18 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-28 01:18 . 2009-07-28 01:18 -------- dc----w- c:\windows\system32\DRVSTORE
2009-07-28 01:18 . 2006-08-15 16:42 200704 ----a-w- c:\windows\system32\UpdateDriver.exe
2009-07-28 01:18 . 2009-07-28 01:18 -------- d-----w- c:\program files\Belkin
2009-07-28 01:17 . 2009-07-28 01:17 -------- d-----w- c:\documents and settings\Ceryn\Application Data\InstallShield
2009-07-28 00:47 . 2007-10-02 09:06 451968 ----a-w- c:\windows\system32\drivers\rt73.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 01:18 . 2006-10-17 00:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-28 01:17 . 2003-11-08 08:28 -------- d-----w- c:\documents and settings\Ceryn\Application Data\U3
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-09-26 35328]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-24 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-25 229952]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2003-11-08 1948440]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-31 1654784]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2003-11-08 08:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/8/2003 3:30 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/8/2003 3:30 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/8/2003 3:30 AM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/8/2003 3:30 AM 298776]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HTTPFILTER
.
- - - - ORPHANS REMOVED - - - -

HKCU-Explorer_Run-{447E836B-0898-1033-0110-050304290001} - c:\program files\Common Files\{447E836B-0898-1033-0110-050304290001}\Update.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://profile.myspace.com/index.cfm?fuseaction=user.viewprofile&friendid=66358382
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-27 20:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-28 20:38
ComboFix-quarantined-files.txt 2009-07-28 01:38

Pre-Run: 99,088,371,712 bytes free
Post-Run: 99,466,321,920 bytes free

85



>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>




Malwarebytes' Anti-Malware 1.39
Database version: 2534
Windows 5.1.2600 Service Pack 2

7/30/2009 9:19:48 PM
mbam-log-2009-07-30 (21-19-44).txt

Scan type: Quick Scan
Objects scanned: 84096
Time elapsed: 1 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 30, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 31, 2009 03:24:45
Records in database: 2565300


Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
C:\
D:\

Scan statistics
Files scanned: 60835
Threat name: 2
Infected objects: 12
Suspicious objects: 0
Duration of the scan: 00:36:21

File name / Threat name / Threats count
D:\Documents and Settings\Ceryn\Local Settings\Temp\DxcUpdater3.exe  Infected: not-a-virus:AdWare.Win32.SurfSide.ay  2

D:\Documents and Settings\Ceryn\Local Settings\Temp\DxcUpdater3.exe  Infected: not-a-virus:AdWare.Win32.SurfSide.bb  2

D:\Documents and Settings\Ceryn\Local Settings\Temp\rp163.tmp  Infected: not-a-virus:AdWare.Win32.SurfSide.ay  2

D:\Documents and Settings\Ceryn\Local Settings\Temp\rp163.tmp  Infected: not-a-virus:AdWare.Win32.SurfSide.bb  2

D:\WINDOWS\system32\bkd.exe  Infected: not-a-virus:AdWare.Win32.SurfSide.ay  2

D:\WINDOWS\system32\bkd.exe  Infected: not-a-virus:AdWare.Win32.SurfSide.bb  2

The selected area was scanned.



>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:37 PM, on 7/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://profile.myspa...iendid=66358382
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165438114823
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165438098714
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4133 bytes


#2 SpySentinel
Retired Staff (R.I.P.), 5,152 posts
Hi HungryMan,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.



Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox browser: Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser: Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
  • For Technical Support, double-click the e-mail address located at the bottom of each menu.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#3 HungryMan
Topic Starter, Member, 53 posts
Thanks for the help. In case it is needed, I have noticed that this system is not stable, as it has been crashing typically with less than 1 hour of runtime.

Here are the logs:

OTL logfile created on: 8/4/2009 3:24:31 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Ceryn\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 679.03 Mb Available Physical Memory | 66.34% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.42% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 93.26 Gb Free Space | 62.57% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 149.53 Gb Free Space | 80.26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOLTENWHORE
Current User Name: Ceryn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
PRC - C:\Documents and Settings\Ceryn\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\System32\ati2sgag.exe ()
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (ALCXWDM [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (GEARAspiWDM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RT73 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rt73.sys (Ralink Technology, Corp.)
DRV - (RTL8023xp [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys ()
DRV - (viamraid [Boot | Running]) -- C:\WINDOWS\system32\drivers\viamraid.sys (VIA Technologies inc,.ltd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://profile.myspa...iendid=66358382
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/30 21:31:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/04 15:18:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/04 15:18:27 | 00,000,000 | ---D | M]

[2009/08/01 19:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ceryn\Application Data\mozilla\Extensions
[2009/08/01 19:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ceryn\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/01 19:29:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ceryn\Application Data\mozilla\Firefox\Profiles\useq5fnh.default\extensions
[2009/08/01 19:28:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/04 15:18:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/04 15:18:20 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/04 15:18:20 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/04 15:18:24 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/07/15 13:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/15 13:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/15 13:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 13:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/15 13:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/15 13:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/15 13:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1165438114823 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1165438098714 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/16 18:49:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/01/31 21:43:55 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8052b2c4-11c5-11d8-9e7b-00110962b541}\Shell - "" = AutoRun
O33 - MountPoints2\{8052b2c4-11c5-11d8-9e7b-00110962b541}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8052b2c4-11c5-11d8-9e7b-00110962b541}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8052b2c5-11c5-11d8-9e7b-00110962b541}\Shell - "" = Autorun
O33 - MountPoints2\{8052b2c5-11c5-11d8-9e7b-00110962b541}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8052b2c5-11c5-11d8-9e7b-00110962b541}\Shell\Open\command - "" = RECYCLER\S-6-6-64-100022709-100006747-100027598-4254.com g:\
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/08/04 15:22:23 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ceryn\Desktop\OTL.exe
[2009/08/04 15:20:04 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Ceryn\Desktop\ATF-Cleaner.exe
[2009/08/01 19:55:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/08/01 19:35:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ceryn\Application Data\Adobe
[2009/08/01 19:35:01 | 01,925,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Ceryn\Desktop\install_flash_player.exe
[2009/08/01 19:34:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ceryn\My Documents\Downloads
[2009/08/01 19:28:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/01 19:28:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ceryn\Local Settings\Application Data\Mozilla
[2009/08/01 19:28:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ceryn\Application Data\Mozilla
[2009/08/01 19:28:45 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/01 19:28:43 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/07/30 22:43:02 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Ceryn\Desktop\HijackThis.lnk
[2009/07/30 22:43:02 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/30 22:39:42 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ceryn\Desktop\HJTInstall.exe
[2009/07/30 21:31:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/07/30 21:31:28 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/30 21:31:28 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/30 21:31:28 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/30 21:31:28 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/30 21:31:28 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/30 21:31:09 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/07/30 21:30:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/07/30 21:30:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ceryn\Application Data\Sun
[2009/07/30 21:15:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ceryn\Application Data\Malwarebytes
[2009/07/30 21:15:19 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/30 21:15:17 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/30 21:15:16 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/30 21:15:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/30 21:15:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/30 21:12:47 | 03,152,089 | ---- | C] () -- C:\Documents and Settings\Ceryn\Desktop\Combo-Fix.exe
[2009/07/27 21:23:37 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/27 20:38:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/07/27 20:38:15 | 02,180,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/07/27 20:38:15 | 02,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/07/27 20:38:15 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/07/27 20:38:15 | 01,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/07/27 20:38:15 | 00,983,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/07/27 20:38:15 | 00,924,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\mfc40u.dll
[2009/07/27 20:38:15 | 00,792,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comres.dll
[2009/07/27 20:38:15 | 00,656,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/07/27 20:38:15 | 00,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\comctl32.dll
[2009/07/27 20:38:15 | 00,577,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/07/27 20:38:15 | 00,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/07/27 20:38:15 | 00,435,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntmssvc.dll
[2009/07/27 20:38:15 | 00,407,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\netlogon.dll
[2009/07/27 20:38:15 | 00,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rpcss.dll
[2009/07/27 20:38:15 | 00,359,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\tcpip.sys
[2009/07/27 20:38:15 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/07/27 20:38:15 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/07/27 20:38:15 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\srsvc.dll
[2009/07/27 20:38:15 | 00,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\appmgmts.dll
[2009/07/27 20:38:15 | 00,142,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\aec.sys
[2009/07/27 20:38:15 | 00,124,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/07/27 20:38:15 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/07/27 20:38:15 | 00,108,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/07/27 20:38:15 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\rasauto.dll
[2009/07/27 20:38:15 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/07/27 20:38:15 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/07/27 20:38:15 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\msgsvc.dll
[2009/07/27 20:38:15 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/07/27 20:38:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/07/27 20:38:15 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/07/27 20:38:15 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lpk.dll
[2009/07/27 20:38:15 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/07/27 20:38:15 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/07/27 20:38:15 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/07/27 20:38:15 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/07/27 20:38:15 | 00,011,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\acpiec.sys
[2009/07/27 20:38:15 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfc.dll
[2009/07/27 20:38:15 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\beep.sys
[2009/07/27 20:38:15 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\null.sys
[2009/07/27 20:38:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/07/27 20:34:33 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/07/27 20:34:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/07/27 20:34:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/07/27 20:34:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/07/27 20:34:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/27 20:34:33 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/27 20:34:33 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/27 20:34:33 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/07/27 20:34:30 | 00,000,000 | --SD | C] -- C:\Combo-Fix
[2009/07/27 20:34:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/07/27 20:33:59 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/07/27 20:18:23 | 00,020,747 | ---- | C] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2009/07/27 20:18:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/07/27 20:18:18 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\UpdateDriver.exe
[2009/07/27 20:18:18 | 00,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belkin Wireless Networking Utility.lnk
[2009/07/27 20:18:17 | 00,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2009/07/27 20:18:15 | 00,000,000 | ---D | C] -- C:\Program Files\Belkin
[2009/07/27 20:17:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ceryn\Application Data\InstallShield
[2009/07/27 19:47:11 | 00,451,968 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt73.sys
[2009/07/27 19:04:30 | 10,732,70784 | -HS- | C] () -- C:\hiberfil.sys
[2006/10/16 19:26:14 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004/08/03 20:07:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/03 20:07:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/03 20:07:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/03 20:07:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/08/04 15:22:28 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ceryn\Desktop\OTL.exe
[2009/08/04 15:20:05 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Ceryn\Desktop\ATF-Cleaner.exe
[2009/08/04 15:19:21 | 39,525,661 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/04 15:19:07 | 00,057,811 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/04 15:17:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/04 15:17:31 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/04 15:17:29 | 10,732,70784 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/03 21:52:26 | 06,941,216 | -H-- | M] () -- C:\Documents and Settings\Ceryn\Local Settings\Application Data\IconCache.db
[2009/08/03 21:49:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/01 19:35:04 | 01,925,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Ceryn\Desktop\install_flash_player.exe
[2009/08/01 19:28:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/08/01 19:28:45 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/07/30 22:43:02 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Ceryn\Desktop\HijackThis.lnk
[2009/07/30 22:39:44 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ceryn\Desktop\HJTInstall.exe
[2009/07/30 21:31:15 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/30 21:31:15 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/30 21:31:15 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/30 21:31:15 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/30 21:31:15 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/30 21:15:19 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/30 21:12:56 | 03,152,089 | ---- | M] () -- C:\Documents and Settings\Ceryn\Desktop\Combo-Fix.exe
[2009/07/27 21:16:22 | 00,047,104 | ---- | M] () -- C:\Documents and Settings\Ceryn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/27 20:38:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/27 20:24:27 | 00,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/27 20:24:27 | 00,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/27 20:24:27 | 00,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/27 20:18:23 | 00,020,747 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\drivers\AegisP.sys
[2009/07/27 20:18:18 | 00,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belkin Wireless Networking Utility.lnk
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/13 05:48:54 | 00,219,648 | ---- | M] () -- C:\WINDOWS\PEV.exe

========== LOP Check ==========

[2009/07/30 21:30:58 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/01 19:35:36 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Ceryn\Application Data
[2009/07/30 21:05:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ceryn\Application Data\U3
[2006/10/16 22:26:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Ceryn\Application Data\Ventrilo
[2004/08/03 20:07:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/04 15:17:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >


OTL Extras logfile created on: 8/4/2009 3:24:31 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Ceryn\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.48 Mb Total Physical Memory | 679.03 Mb Available Physical Memory | 66.34% Memory free
2.40 Gb Paging File | 2.08 Gb Available in Paging File | 86.42% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 93.26 Gb Free Space | 62.57% Space Free | Partition Type: NTFS
Drive D: | 186.31 Gb Total Space | 149.53 Gb Free Space | 80.26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MOLTENWHORE
Current User Name: Ceryn
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}" = QuickTime
"{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}" = iTunes
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"GoogleVideoPlayer" = Google Video Player
"HijackThis" = HijackThis 2.0.2
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Ventrilo" = Ventrilo
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"World of Warcraft" = World of Warcraft

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/26/2006 7:24:24 PM | Computer Name = MOLTENWHORE | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 7.0.1.8, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/4/2006 12:54:38 PM | Computer Name = MOLTENWHORE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash.ocx, version 6.0.79.0, fault address 0x0001cfd3.

Error - 11/9/2006 8:44:14 PM | Computer Name = MOLTENWHORE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module flash.ocx, version 6.0.79.0, fault address 0x00001832.

Error - 11/30/2006 2:29:50 PM | Computer Name = MOLTENWHORE | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/27/2009 9:38:01 PM | Computer Name = MOLTENWHORE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/27/2009 9:38:01 PM | Computer Name = MOLTENWHORE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.

Error - 7/30/2009 9:49:13 PM | Computer Name = MOLTENWHORE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/30/2009 9:49:13 PM | Computer Name = MOLTENWHORE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 7/30/2009 9:53:55 PM | Computer Name = MOLTENWHORE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/30/2009 9:53:55 PM | Computer Name = MOLTENWHORE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 7/30/2009 10:08:55 PM | Computer Name = MOLTENWHORE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 30 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 7/30/2009 10:08:55 PM | Computer Name = MOLTENWHORE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 30 minutes. NtpClient has no source of accurate
time.

Error - 8/1/2009 8:25:16 PM | Computer Name = MOLTENWHORE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 8/1/2009 8:25:16 PM | Computer Name = MOLTENWHORE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.


< End of report >
  • 0

#4
SpySentinel (R.I.P.) - Retired Staff, 5,152 posts
Hi HungryMan,

Step #1

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O33 - MountPoints2\{8052b2c4-11c5-11d8-9e7b-00110962b541}\Shell - "" = AutoRun
    O33 - MountPoints2\{8052b2c4-11c5-11d8-9e7b-00110962b541}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8052b2c4-11c5-11d8-9e7b-00110962b541}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{8052b2c5-11c5-11d8-9e7b-00110962b541}\Shell - "" = Autorun
    O33 - MountPoints2\{8052b2c5-11c5-11d8-9e7b-00110962b541}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8052b2c5-11c5-11d8-9e7b-00110962b541}\Shell\Open\command - "" = RECYCLER\S-6-6-64-100022709-100006747-100027598-4254.com g:\
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot when it is done.


Step #2

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    o Click Preferences, then click the Statistics/Logs tab.
    o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    o If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    o Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

  • 0
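The O33 entries in the fix above are MountPoints2 autorun handlers for two removable drives; the second one launches a `.com` file with a SID-like name out of a `RECYCLER` folder, which is the classic USB autorun-worm footprint, while the first points at a U3 launcher that no longer exists. The triage helper below is an added example (not part of SpySentinel's script or of OTL) that parses the page's own O33 lines, embedded as constructed sample input, and rates each device by those patterns; the heuristics and severity labels are my own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample input: the six O33 lines from the OTL fix above, as OTL prints them.
SAMPLE_O33_LINES = r"""
O33 - MountPoints2\{8052b2c4-11c5-11d8-9e7b-00110962b541}\Shell - "" = AutoRun
O33 - MountPoints2\{8052b2c4-11c5-11d8-9e7b-00110962b541}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8052b2c4-11c5-11d8-9e7b-00110962b541}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8052b2c5-11c5-11d8-9e7b-00110962b541}\Shell - "" = Autorun
O33 - MountPoints2\{8052b2c5-11c5-11d8-9e7b-00110962b541}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8052b2c5-11c5-11d8-9e7b-00110962b541}\Shell\Open\command - "" = RECYCLER\S-6-6-64-100022709-100006747-100027598-4254.com g:\
"""

# One OTL O33 line has the shape:  O33 - MountPoints2\{GUID}\<subkey> - "<name>" = <value>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\(?P<subkey>\S+)'
    r' - "(?P<name>[^"]*)" = (?P<value>.*)$'
)
NOT_FOUND_SUFFIX = " -- File not found"   # OTL appends this when the target file is missing

# Heuristics (assumptions of this example, modelled on the entries in this thread).
RECYCLER_RE = re.compile(r'(?i)(^|\\)RECYCLER\\')                      # payload hidden in recycle-bin folder
SID_NAME_RE = re.compile(r'(?i)(^|\\)S-\d+(-\d+){3,}\.(com|exe|pif|scr|bat|cmd)(\s|$)')  # "S-6-6-64-...com"
ODD_EXT_RE = re.compile(r'(?i)\.(com|pif|scr|bat|cmd)(\s|$)')          # non-.exe program type as autorun target


@dataclass
class MountPointFinding:
    guid: str
    command: str = ""
    reasons: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        if any(r.startswith("suspicious") for r in self.reasons):
            return "high"   # looks like a removable-drive autorun payload
        if self.reasons:
            return "low"    # stale handler: safe to clear, not malicious on its own
        return "info"       # autorun handler present, target looks ordinary


def parse_o33(line: str) -> Optional[dict]:
    """Split one O33 line into guid, subkey, name, value and whether OTL found the file."""
    m = O33_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["file_found"] = not entry["value"].endswith(NOT_FOUND_SUFFIX)
    if not entry["file_found"]:
        entry["value"] = entry["value"][: -len(NOT_FOUND_SUFFIX)]
    return entry


def triage_o33(log_text: str) -> Dict[str, MountPointFinding]:
    """Group O33 lines by device GUID and rate each device's autorun command."""
    findings: Dict[str, MountPointFinding] = {}
    for line in log_text.splitlines():
        entry = parse_o33(line)
        if entry is None:
            continue
        finding = findings.setdefault(entry["guid"], MountPointFinding(entry["guid"]))
        if not entry["subkey"].lower().endswith("\\command"):
            continue                      # only the ...\command value names a program
        cmd = entry["value"]
        finding.command = cmd
        if not entry["file_found"]:
            finding.reasons.append("orphaned: autorun target no longer exists")
        if RECYCLER_RE.search(cmd):
            finding.reasons.append("suspicious: program launched from a RECYCLER folder")
        if SID_NAME_RE.search(cmd):
            finding.reasons.append("suspicious: executable named like a security identifier")
        if ODD_EXT_RE.search(cmd):
            finding.reasons.append("suspicious: non-.exe executable type as autorun target")
    return findings


if __name__ == "__main__":
    for guid, f in triage_o33(SAMPLE_O33_LINES).items():
        print(f"{guid} [{f.severity}] {f.command}")
        for reason in f.reasons:
            print("   -", reason)
```

Run against a full OTL log, the helper leaves every non-O33 line alone, so it can be pointed at the whole report rather than a hand-picked excerpt.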

#5
HungryMan (Member) - Topic Starter, 53 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/04/2009 at 06:09 PM

Application Version : 4.27.1000

Core Rules Database Version : 4027
Trace Rules Database Version: 1967

Scan type : Complete Scan
Total Scan Time : 00:57:46

Memory items scanned : 362
Memory threats detected : 0
Registry items scanned : 3264
Registry threats detected : 0
File items scanned : 60980
File threats detected : 60

Trojan.Agent/Gen-FSG
C:\DOCUMENTS AND SETTINGS\CERYN\DESKTOP\CERYNS [bleep]\TEH [bleep]\IMPORTANT [bleep]\KEYGEN.EXE
D:\DOCUMENTS AND SETTINGS\CERYN\DESKTOP\EVERYTHING\IMPORTANT [bleep]\KEYGEN.EXE

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\WTSIT.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{D3247657-7EBD-49B3-A1F1-DAD180FADA61}\RP70\A0086260.EXE
D:\WINDOWS\Q2VYEW4\KZPVYQB.VBS
D:\WINDOWS\UNINSTALL_NMON.VBS
D:\WINDOWS\UNIST1.HTM

Adware.DeluxeCommunications
D:\DOCUMENTS AND SETTINGS\CERYN\APPLICATION DATA\DXCKNWRD.DLL
D:\DOCUMENTS AND SETTINGS\CERYN\LOCAL SETTINGS\TEMP\DXCUPDATER3.EXE
D:\DOCUMENTS AND SETTINGS\CERYN\LOCAL SETTINGS\TEMP\RP163.TMP
D:\WINDOWS\SYSTEM32\BKD.EXE

Adware.Tracking Cookie
D:\Documents and Settings\Ceryn\Cookies\ceryn@counter_20070123b[1].txt
D:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
D:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
D:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt
D:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt
D:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt

Trojan.Agent/Gen-ImageDocFake
D:\DOCUMENTS AND SETTINGS\CERYN\DESKTOP\EVERYTHING\IMPORTANT [bleep]\NERO 6 ULTRA KEYGEN.DOC

Trojan.BraveSentry
D:\PROGRAM FILES\BRAVESENTRY\BRAVESENTRY.LIC
D:\PROGRAM FILES\BRAVESENTRY\BRAVESENTRY0.BS
D:\PROGRAM FILES\BRAVESENTRY\BRAVESENTRY1.BS

Adware.k8l
D:\PROGRAM FILES\MSN GAMING ZONE\PROFSYRT.HTML

Trojan.ZQuest
D:\SYSTEM VOLUME INFORMATION\_RESTORE{4FD48B01-E204-4C32-904B-E625A0F65792}\RP76\SNAPSHOT\MFEX-1.DAT
D:\SYSTEM VOLUME INFORMATION\_RESTORE{4FD48B01-E204-4C32-904B-E625A0F65792}\RP76\SNAPSHOT\MFEX-3.DAT

Trojan.FakeDrop-180AX
D:\WINDOWS\180AX.EXE

Trojan.FakeDrop-2020Search
D:\WINDOWS\2020SEARCH.DLL
D:\WINDOWS\2020SEARCH2.DLL

Trojan.FakeDrop-764
D:\WINDOWS\764.EXE

Trojan.Fake-Drop/Gen
D:\WINDOWS\7SEARCH.DLL
D:\WINDOWS\BI.DLL
D:\WINDOWS\BIPREP.EXE
D:\WINDOWS\BJAM.DLL
D:\WINDOWS\BOKJA.EXE
D:\WINDOWS\CDSM32.DLL
D:\WINDOWS\FLT.DLL
D:\WINDOWS\INSTALLER\ID53.EXE
D:\WINDOWS\MSPPHE.DLL
D:\WINDOWS\MSSVR.EXE
D:\WINDOWS\SALM.EXE
D:\WINDOWS\SATMAT.EXE
D:\WINDOWS\STCLOADER.EXE
D:\WINDOWS\SUSP.EXE
D:\WINDOWS\SWIN32.DLL
D:\WINDOWS\SYSTEM32\MSIXU.DLL
D:\WINDOWS\SYSTEM32\VXDDSK.EXE
D:\WINDOWS\SYSTEM32\WER8274.DLL
D:\WINDOWS\SYSTEM32\WML.EXE
D:\WINDOWS\TEMP\SALM.EXE
D:\WINDOWS\UPDATETC.EXE
D:\WINDOWS\VOICEIP.DLL
D:\WINDOWS\VXDDSK.EXE
D:\WINDOWS\WML.EXE

Trojan.FakeDrop-PBar
D:\WINDOWS\PBAR.DLL

Trojan.FakeDrop-SAIEMod
D:\WINDOWS\SAIEMOD.DLL

Trojan.Downloader-WinCom32/Rootkit-Trace
D:\WINDOWS\SYSTEM32\WINCOM32.INI

Trojan.Downloader-Gen
D:\WINDOWS\SYSTEM32\WINPFZ32.SYS
D:\WINDOWS\SYSTEM32\WINSUB.XML

Adware.Unknown Origin
D:\WINDOWS\SYSTEM32\ZXDNT3D.CFG

Unclassified.Unknown Origin/System
D:\WINDOWS\UNINST2.HTM

Trace.Known Threat Sources
D:\Documents and Settings\Ceryn\Local Settings\Temporary Internet Files\Content.IE5\IJ2L456P\checkin[1].htm

Great, this one looks clean to me.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, August 4, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, August 04, 2009 21:07:29
Records in database: 2580417
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 60336
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 00:38:07

No malware has been detected. The scan area is clean.

The selected area was scanned.
  • 0

#6
SpySentinel (R.I.P.) - Retired Staff, 5,152 posts
Very good news that Kaspersky did not find anything.


Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#7
HungryMan (Member) - Topic Starter, 53 posts
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ceryn at 2009-08-05 09:48:33
Microsoft Windows XP Professional Service Pack 2
System drive C: has 95 GB (63%) free of 153 GB
Total RAM: 1023 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:36 AM, on 8/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ceryn\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ceryn.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://profile.myspa...iendid=66358382
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165438114823
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1165438098714
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4485 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2003-11-08 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-30 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-30 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-04-15 77824]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-09-26 35328]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-24 282624]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-09-25 229952]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2003-11-08 1948440]
"F5D7050v3"=C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe [2007-10-30 1654784]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-30 148888]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-07-28 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-08-22 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2003-11-08 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe"="C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8052b2c4-11c5-11d8-9e7b-00110962b541}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8052b2c5-11c5-11d8-9e7b-00110962b541}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-6-6-64-100022709-100006747-100027598-4254.com g:\
shell\Open\command - RECYCLER\S-6-6-64-100022709-100006747-100027598-4254.com g:\


======List of files/folders created in the last 1 months======

2009-08-05 09:48:33 ----D---- C:\rsit
2009-08-04 17:07:25 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-04 17:07:13 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-04 17:07:13 ----D---- C:\Documents and Settings\Ceryn\Application Data\SUPERAntiSpyware.com
2009-08-04 16:56:23 ----D---- C:\_OTL
2009-08-01 19:55:57 ----D---- C:\WINDOWS\system32\LogFiles
2009-08-01 19:35:36 ----D---- C:\Documents and Settings\Ceryn\Application Data\Adobe
2009-08-01 19:28:48 ----D---- C:\Documents and Settings\Ceryn\Application Data\Mozilla
2009-08-01 19:28:43 ----D---- C:\Program Files\Mozilla Firefox
2009-07-30 22:43:02 ----D---- C:\Program Files\Trend Micro
2009-07-30 21:31:49 ----D---- C:\WINDOWS\Sun
2009-07-30 21:31:28 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-30 21:31:28 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-30 21:31:28 ----A---- C:\WINDOWS\system32\java.exe
2009-07-30 21:31:28 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-30 21:31:09 ----D---- C:\Program Files\Java
2009-07-30 21:30:58 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-07-30 21:30:22 ----D---- C:\Documents and Settings\Ceryn\Application Data\Sun
2009-07-30 21:15:20 ----D---- C:\Documents and Settings\Ceryn\Application Data\Malwarebytes
2009-07-30 21:15:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-30 21:15:16 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-27 21:23:37 ----SHD---- C:\RECYCLER
2009-07-27 20:38:41 ----D---- C:\WINDOWS\temp
2009-07-27 20:38:40 ----A---- C:\ComboFix.txt
2009-07-27 20:34:33 ----A---- C:\WINDOWS\zip.exe
2009-07-27 20:34:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-07-27 20:34:33 ----A---- C:\WINDOWS\SWSC.exe
2009-07-27 20:34:33 ----A---- C:\WINDOWS\SWREG.exe
2009-07-27 20:34:33 ----A---- C:\WINDOWS\sed.exe
2009-07-27 20:34:33 ----A---- C:\WINDOWS\PEV.exe
2009-07-27 20:34:33 ----A---- C:\WINDOWS\NIRCMD.exe
2009-07-27 20:34:33 ----A---- C:\WINDOWS\grep.exe
2009-07-27 20:34:30 ----SD---- C:\Combo-Fix
2009-07-27 20:34:30 ----D---- C:\WINDOWS\ERDNT
2009-07-27 20:33:59 ----D---- C:\Qoobox
2009-07-27 20:18:20 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-27 20:18:18 ----A---- C:\WINDOWS\system32\UpdateDriver.exe
2009-07-27 20:18:17 ----A---- C:\WINDOWS\system32\ucuiinfo.ini
2009-07-27 20:18:15 ----D---- C:\Program Files\Belkin
2009-07-27 20:17:58 ----D---- C:\Documents and Settings\Ceryn\Application Data\InstallShield

======List of files/folders modified in the last 1 months======

2009-08-05 09:46:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-05 09:46:19 ----D---- C:\WINDOWS\Prefetch
2009-08-04 17:11:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-04 17:08:17 ----D---- C:\WINDOWS\system32
2009-08-04 17:07:21 ----SHD---- C:\WINDOWS\Installer
2009-08-04 17:07:13 ----RD---- C:\Program Files
2009-08-04 17:06:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-08-04 17:06:54 ----D---- C:\Documents and Settings\Ceryn\Application Data\U3
2009-08-04 16:56:25 ----D---- C:\WINDOWS
2009-07-30 22:56:35 ----HD---- C:\$AVG8.VAULT$
2009-07-30 21:15:17 ----D---- C:\WINDOWS\system32\drivers
2009-07-27 20:38:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-27 20:38:07 ----A---- C:\WINDOWS\system.ini
2009-07-27 20:37:40 ----D---- C:\Program Files\Common Files
2009-07-27 20:37:23 ----D---- C:\WINDOWS\AppPatch
2009-07-27 20:24:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-27 20:18:23 ----HD---- C:\WINDOWS\inf
2009-07-27 20:18:17 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-27 19:27:41 ----D---- C:\WINDOWS\Minidump
2009-07-27 18:10:20 ----D---- C:\Documents and Settings
2009-07-27 18:10:11 ----A---- C:\WINDOWS\ntbtlog.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2003-11-08 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2003-11-08 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2003-11-08 108552]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-07-27 20747]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-08-22 1723904]
R3 RT73;Belkin Wireless 54G USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2007-10-02 451968]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 catchme;catchme; \??\C:\DOCUME~1\Ceryn\LOCALS~1\Temp\catchme.sys []
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-07-14 14448]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-08-22 413696]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2003-11-08 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2003-11-08 298776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-30 152984]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-25 451136]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-08-22 520192]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-08-05 09:48:37

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Belkin 54Mbps Wireless Network Adapter-->C:\Program Files\InstallShield Installation Information\{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}\setup.exe -runfromtemp -l0x0009 -removeonly
Google Video Player-->"C:\Program Files\Google\Google Video Player\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iTunes-->MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
QuickTime-->MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo-->C:\PROGRA~1\VENTRI~1\UNWISE.EXE C:\PROGRA~1\VENTRI~1\INSTALL.LOG
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free (disabled)

======System event log======

Computer Name: MOLTENWHORE
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 86
Source Name: Cdrom
Time Written: 20061016193851.000000-300
Event Type: error
User:

Computer Name: MOLTENWHORE
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 85
Source Name: Cdrom
Time Written: 20061016193815.000000-300
Event Type: error
User:

Computer Name: MOLTENWHORE
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 84
Source Name: Cdrom
Time Written: 20061016193746.000000-300
Event Type: warning
User:

Computer Name: MOLTENWHORE
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 83
Source Name: Cdrom
Time Written: 20061016193717.000000-300
Event Type: error
User:

Computer Name: MOLTENWHORE
Event Code: 7
Message: The device, \Device\CdRom0, has a bad block.

Record Number: 82
Source Name: Cdrom
Time Written: 20061016193710.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: MOLTENWHORE
Event Code: 1000
Message: Faulting application setup.exe, version 8.5.0.385, faulting module setup.exe, version 8.5.0.385, fault address 0x000ec4bd.

Record Number: 724
Source Name: Application Error
Time Written: 20031107042734.000000-360
Event Type: error
User:

Computer Name: MOLTENWHORE
Event Code: 1000
Message: Faulting application avgtray.exe, version 8.5.0.354, faulting module avglngx.dll, version 8.5.0.338, fault address 0x0000238c.

Record Number: 717
Source Name: Application Error
Time Written: 20031107024442.000000-360
Event Type: error
User:

Computer Name: MOLTENWHORE
Event Code: 1000
Message: Faulting application avgui.exe, version 8.5.0.392, faulting module avglngx.dll, version 8.5.0.338, fault address 0x0000238c.

Record Number: 716
Source Name: Application Error
Time Written: 20031107024427.000000-360
Event Type: error
User:

Computer Name: MOLTENWHORE
Event Code: 1000
Message: Faulting application avgtray.exe, version 8.5.0.354, faulting module avglngx.dll, version 8.5.0.338, fault address 0x0000238c.

Record Number: 715
Source Name: Application Error
Time Written: 20031107024400.000000-360
Event Type: error
User:

Computer Name: MOLTENWHORE
Event Code: 1000
Message: Faulting application avgui.exe, version 8.5.0.392, faulting module avglngx.dll, version 8.5.0.338, fault address 0x0000238c.

Record Number: 714
Source Name: Application Error
Time Written: 20031107024330.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------



The computer is still freezing up sometimes.
  • 0

#8
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8052b2c4-11c5-11d8-9e7b-00110962b541}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8052b2c5-11c5-11d8-9e7b-00110962b541}]
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done




Please download Dr.Web CureIt. Save it to your desktop:
  • Double-click the drweb-cureit.exe file and click Scan to run an express scan. Click OK in the pop-up window to allow the scan.
  • This will scan the files currently running in memory and, if something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, select Complete scan.
  • Click the green arrow at the right, and the scan will start.
  • Click Yes to all if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Note: this report may need to be renamed to Dr.Web.txt in order to post it on the forum.
  • Please post the Dr.Web.txt report in your next reply.
  • Close Dr.Web CureIt.
  • Important! Reboot your computer, because it is possible that files in use will be moved/deleted during the reboot.

NOTE: During the scan, a pop-up window will open asking for a full version purchase. Simply close the window by clicking on the X in the upper right corner.
  • 0
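The two MountPoints2 keys deleted by the OTL fix above are the cached per-volume autorun handlers shown in the RSIT registry dump in the previous post, one pointing at a RECYCLER\S-...com file launched through rundll32. As an added example that is not part of this thread or of OTL, the Python below parses that section of an RSIT log, flags the commands that match those traits, and emits an OTL :Reg block for the flagged keys; the embedded dump is a constructed copy of the two entries from the log above, and the heuristics are my own.

```python
from __future__ import annotations
import re

# Constructed copy of the two MountPoints2 blocks from the RSIT "Registry dump" above.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8052b2c4-11c5-11d8-9e7b-00110962b541}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8052b2c5-11c5-11d8-9e7b-00110962b541}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-6-6-64-100022709-100006747-100027598-4254.com g:\
shell\Open\command - RECYCLER\S-6-6-64-100022709-100006747-100027598-4254.com g:\
"""

# "[HKEY_...\mountpoints2\{guid}]" header lines as RSIT prints them.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-fA-F-]+\})\]$", re.I)
# "shell\<verb>\command - <command line>" lines inside such a block.
CMD_RE = re.compile(r"^shell\\(\w+)\\command - (.+)$", re.I)
# A filename shaped like a SID with an executable extension (the RECYCLER\S-...com pattern).
SID_NAME_RE = re.compile(r"S-\d+-\d+-\d+(-\d+)+\.(com|exe|scr|pif)\b", re.I)


def parse_mountpoints(dump: str) -> dict[str, dict[str, str]]:
    """Return {registry key: {verb: command line}} for every MountPoints2 block."""
    result: dict[str, dict[str, str]] = {}
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            result[current] = {}
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = m.group(2)
    return result


def suspicious_reasons(command: str) -> list[str]:
    """Heuristics (assumed, not OTL's) for an autorun command worth an analyst's attention."""
    reasons = []
    low = command.lower()
    if "recycler\\" in low:
        reasons.append("target lives under a RECYCLER folder")
    if "shellexec_rundll" in low:
        reasons.append("launched via rundll32 ShellExec_RunDLL")
    target = command.split()[0].strip('"')  # first token is the program path
    if not re.match(r"^[a-z]:\\", target, re.I):
        reasons.append("relative program path (resolved against the drive root)")
    if SID_NAME_RE.search(command):
        reasons.append("SID-looking filename with executable extension")
    return reasons


def audit(dump: str) -> list[dict]:
    """Every (key, verb, command) in the dump that triggers at least one heuristic."""
    findings = []
    for key, verbs in parse_mountpoints(dump).items():
        for verb, cmd in verbs.items():
            reasons = suspicious_reasons(cmd)
            if reasons:
                findings.append({"key": key, "verb": verb, "command": cmd, "reasons": reasons})
    return findings


def otl_reg_fix(dump: str) -> str:
    """Emit an OTL ':Reg' section deleting each flagged key, in the form used in the fix above."""
    keys = sorted({f["key"] for f in audit(dump)})
    return "\n".join([":Reg"] + [f"[-{k}]" for k in keys])


if __name__ == "__main__":
    for f in audit(SAMPLE_DUMP):
        print(f"{f['verb']:8} {f['key']}")
        for r in f["reasons"]:
            print(f"    - {r}")
    print(otl_reg_fix(SAMPLE_DUMP))
```

The first key (the SanDisk U3 launcher with an absolute path) is not flagged; the fix in the thread removes it too, which is harmless because MountPoints2 only caches per-volume handlers that Windows rebuilds when the drive is next inserted.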

#9
HungryMan

HungryMan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Dr.Web report

A0091489.exe;D:\System Volume Information\_restore{D3247657-7EBD-49B3-A1F1-DAD180FADA61}\RP74;Adware.Surfside;Incurable.Deleted.;
A0091490.exe;D:\System Volume Information\_restore{D3247657-7EBD-49B3-A1F1-DAD180FADA61}\RP74;Adware.Surfside;Incurable.Deleted.;
  • 0

#10
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Please post the OTL log results as well.

Thanks
  • 0

#11
HungryMan

HungryMan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Sorry, and I even thought about it but forgot... my bad!

All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8052b2c4-11c5-11d8-9e7b-00110962b541}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8052b2c4-11c5-11d8-9e7b-00110962b541}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8052b2c5-11c5-11d8-9e7b-00110962b541}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8052b2c5-11c5-11d8-9e7b-00110962b541}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Ceryn
->Temp folder emptied: 33481 bytes
File delete failed. C:\Documents and Settings\Ceryn\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18507788 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 17.78 mb


OTL by OldTimer - Version 3.0.10.4 log created on 08052009_174239

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#12
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
No worries :)


How is your computer running?
  • 0

#13
HungryMan

HungryMan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Well, it is running better. I have yet to try again to boot from the D drive, and the computer is still locking up sometimes, but it has been better since we started; I think you have done quite some good. I did just get a notice from AVG:

Resident Shield detection
"Infection" "Object" "Result" "Detection time" "Object Type" "Process"
"Runtime packed fsg" "D:\System Volume Information\_restore{D3247657-7EBD-49B3-A1F1-DAD180FADA61}\RP74\A0091485.exe" "" "8/5/2009, 8:04:12 PM" "file" "C:\WINDOWS\system32\svchost.exe"
"Runtime packed fsg" "C:\System Volume Information\_restore{D3247657-7EBD-49B3-A1F1-DAD180FADA61}\RP74\A0091484.exe" "" "8/5/2009, 8:04:06 PM" "file" "C:\WINDOWS\system32\svchost.exe"


And I am not sure if there is something you can suggest that we can check, like the overall health of the PC, because I would like to make this my primary, but I have to get it stable enough to run for days on end if needed.
  • 0

#14
SpySentinel

SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Well, the good news is that those infections are in System Restore; we will get to cleaning System Restore once you are all clean.


I would like to see a log of svchost.exe


  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:

    • C:\WINDOWS\system32\svchost.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.

  • 0

#15
HungryMan

HungryMan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Copy to clipboard would not work, so here is the link from my address bar and a copy of the page; I hope you get what you need. And on a side note, the computer locked within seconds of my last post... there is no warning, it is just fine and then locked cold.

http://virscan.org/r...0b5d67b1cd.html

File information
File Name : svchost.exe
File Size : 14336 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 8f078ae4ed187aaabc0a305146de6716
SHA1 : da0ff4006859a7580aba81f486f692dead2014fe

Scanner results
Scanner results : All Scanners reported not find malware!
Time : 2009/08/05 11:48:50 (EDT)
Scanner | Engine Ver | Sig Ver | Sig Date | Scan result | Time
a-squared | 4.5.0.3 | 20090805222744 | 2009-08-05 | - | 0.328
AhnLab V3 | 2009.08.03.08 | 2009.08.03 | 2009-08-03 | - | 0.925
AntiVir | 8.2.0.240 | 7.1.5.75 | 2009-08-05 | - | 0.163
Antiy | 2.0.18 | 20090804.2672262 | 2009-08-04 | - | 0.120
Arcavir | 2009 | 200908050752 | 2009-08-05 | - | 0.030
Authentium | 5.1.1 | 200908051300 | 2009-08-05 | - | 1.264
AVAST! | 4.7.4 | 090805-0 | 2009-08-05 | - | 0.004
AVG | 8.5.288 | 270.13.44/2283 | 2009-08-05 | - | 0.326
BitDefender | 7.81008.3833772 | 7.27008 | 2009-08-05 | - | 3.357
CA (VET) | 9.0.0.143 | 31.6.6658 | 2009-08-05 | - | 14.257
ClamAV | 0.95.2 | 9655 | 2009-08-05 | - | 0.010
Comodo | 3.10 | 1875 | 2009-08-05 | - | 0.764
CP Secure | 1.1.0.715 | 2009.08.05 | 2009-08-05 | - | 11.687
Dr.Web | 4.44.0.9170 | 2009.08.05 | 2009-08-05 | - | 5.102
F-Prot | 4.4.4.56 | 20090804 | 2009-08-04 | - | 1.194
F-Secure | 7.02.73807 | 2009.07.29.10 | 2009-07-29 | - | 12.554
Fortinet | 2.81-3.120 | 10.681 | 2009-08-05 | - | 0.268
GData | 19.6887/19.427 | 20090805 | 2009-08-05 | - | 4.896
Ikarus | T3.1.01.64 | 2009.08.05.73162 | 2009-08-05 | - | 3.229
JiangMin | 11.0.800 | 2009.08.05 | 2009-08-05 | - | 4.437
Kaspersky | 5.5.10 | 2009.08.05 | 2009-08-05 | - | 0.059
KingSoft | 2009.2.5.15 | 2009.8.5.18 | 2009-08-05 | - | 0.704
McAfee | 5.3.00 | 5698 | 2009-08-04 | - | 3.032
Microsoft | 1.4903 | 2009.08.05 | 2009-08-05 | - | 5.157
Norman | 6.01.09 | 6.01.00 | 2009-08-04 | - | 0.103
nProtect | 20090805.02 | 4971415 | 2009-08-05 | - | 6.901
Panda | 9.05.01 | 2009.08.05 | 2009-08-05 | - | 2.016
Quick Heal | 10.00 | 2009.08.05 | 2009-08-05 | - | 1.061
Rising | 20.0 | 21.41.24.00 | 2009-08-05 | - | 0.994
Sophos | 2.89.1 | 4.44 | 2009-08-05 | - | 2.806
Sunbelt | 5313 | 5313 | 2009-08-04 | - | 1.188
Symantec | 1.3.0.24 | 20090804.003 | 2009-08-04 | - | 0.051
The Hacker | 6.3.4.3 | v00375 | 2009-07-31 | - | 0.672
Trend Micro | 8.700-1004 | 6.344.06 | 2009-08-05 | - | 0.025
VBA32 | 3.12.10.9 | 20090804.1427 | 2009-08-04 | - | 1.839
ViRobot | 20090730 | 2009.07.30 | 2009-07-30 | - | 0.457
VirusBuster | 4.5.11.10 | 10.111.4/1835396 | 2009-08-05 | - | 2.348
Note: this file has been scanned before. Therefore, this file's scan result will not be stored in the database
  • 0
