[Pazma]

I've searched Google but with no luck, can you guys help me please? The object in AVG also says C:\Windows\system32\lspfkd.dll attachment pic provided.
Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:37:28, on 24/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\RegCure\RegCure.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [YFgOeVQURu] C:\DOCUME~1\Joe\LOCALS~1\Temp\Firefox Updater OUm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\lspfkd.dll' missing
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F170028-5356-4B77-9776-8D45A7C1B4D8}: NameServer = 192.168.1.2,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7F170028-5356-4B77-9776-8D45A7C1B4D8}: NameServer = 192.168.1.2,192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7F170028-5356-4B77-9776-8D45A7C1B4D8}: NameServer = 192.168.1.2,192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c9e3d4e5609eba) (gupdate1c9e3d4e5609eba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7303 bytes

Attached Thumbnails

• 

[Advertisements]

Hello and welcome to GeeksToGo.
I'm hammerman and I'm going to help you fix your problem.

Please note that I am still in training and my replies need to be checked by an expert. This means there may be a small delay between my posts. Please bear with me.

I am looking through your log now and will reply as soon as possible.

Before we begin, I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.

[hammerman]

Hello and welcome to GeeksToGo.
I'm hammerman and I'm going to help you fix your problem.

Please note that I am still in training and my replies need to be checked by an expert. This means there may be a small delay between my posts. Please bear with me.

I am looking through your log now and will reply as soon as possible.

Before we begin, I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.

[hammerman]

Hi Pazma,

Can you please carry out the following steps.

-- Step 1 --

Set Explorer to view Hidden Files and Folders:

• Right-click your Start button and go to "Explore".
• Select Tools from the menu
• Select Folder Options
• Select the View tab
• Click on Show all Files and Folders
• Select Apply to All Folders | Yes | Apply | OK.

Go to this link, fill in your username and the link to this thread (http://www.geekstogo...71#entry1568671), then click on browse and locate this file on your computer, then click on "send file".

c:\windows\system32\lspfkd.dll

Set Explorer to Defaults:

• Right-click your Start button and go to "Explore".
• Select Tools from the menu
• Select Folder Options
• Select the View tab
• Click on Restore Defaults
• Select Apply to All Folders | Yes | Apply | OK

-- Step 2 --

A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.1. Please download LSPFix from here.
2. Run the LSPFix.exe that you have just finished downloading.
3. Check the I know what I'm doing box.
4. In the Keep box you should see one or more instances of lspfkd.dll.
5. Select every instance of lspfkd.dll and move each one to the Remove box by clicking the >> button.
6. When you are done click Finish>>.
-- Step 3 --

Download Rooter.exe to your desktop

1. Double click it to start the tool.
2. A Notepad file containing the report will open, also found at %systemdrive%(usually C:)\Rooter.txt. Copy and paste it with your OTLI log.

-- Step 4 --

• Download OTL to your desktop.
• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top change it to Minimal Output.
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

[Pazma]

Hi thanks for your reply. However, when I tried to follow step 2 to upload the file to uploadmalware.com I couldn't find the file in system32 folder (it wasn't hidden). It may be that my anti virus changed it when I selected to movie it to the virus vault. I'm using AVG Free 8.5.339. What do I do next? Do I continue with the other steps? Thanks for your help.

[hammerman]

Yes, please continue with the other steps.

[Pazma]

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 2
[32_bits] - x86 Family 15 Model 44 Stepping 2, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 6.0.2900.2180
.
C:\ [Fixed-NTFS] .. ( Total:149 Go - Free:10 Go )
E:\ [Removable]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [CD_Rom]
K:\ [CD_Rom]
.
Scan : 18:44.09
Path : C:\Documents and Settings\Joe\Desktop\Rooter.exe
User : Joe ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (596)
______ \??\C:\WINDOWS\system32\csrss.exe (660)
______ \??\C:\WINDOWS\system32\winlogon.exe (684)
______ C:\WINDOWS\system32\services.exe (728)
______ C:\WINDOWS\system32\lsass.exe (740)
______ C:\WINDOWS\system32\svchost.exe (884)
______ C:\WINDOWS\system32\svchost.exe (964)
______ C:\WINDOWS\System32\svchost.exe (1004)
______ C:\WINDOWS\system32\svchost.exe (1052)
______ C:\WINDOWS\Explorer.EXE (1416)
______ C:\WINDOWS\system32\spoolsv.exe (1492)
______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1552)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (1572)
______ C:\Program Files\Bonjour\mDNSResponder.exe (1584)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1652)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (1700)
______ C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (1796)
______ C:\WINDOWS\system32\svchost.exe (1884)
______ C:\WINDOWS\system32\VTTimer.exe (260)
______ C:\WINDOWS\system32\VTtrayp.exe (276)
______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (300)
______ C:\Program Files\VIAudioi\SBADeck\ADeck.exe (312)
______ C:\PROGRA~1\AVG\AVG8\avgtray.exe (384)
______ C:\Program Files\Java\jre6\bin\jusched.exe (456)
______ C:\Program Files\DAEMON Tools Lite\daemon.exe (496)
______ C:\WINDOWS\system32\ctfmon.exe (512)
______ C:\Documents and Settings\Joe\Local Settings\Application Data\Autobahn\autobahn.exe (704)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (852)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (1024)
______ C:\WINDOWS\system32\svchost.exe (1044)
______ C:\WINDOWS\system32\wscntfy.exe (1776)
______ C:\WINDOWS\System32\alg.exe (2096)
______ C:\WINDOWS\System32\svchost.exe (3336)
______ C:\Program Files\Mozilla Firefox\firefox.exe (1480)
______ C:\Documents and Settings\Joe\Desktop\Rooter.exe (2584)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:160039240704)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
Rootkit! ... [HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit! ... [HKLM\SYSTEM\ControlSet002\Enum\Root\LEGACY_TDSSSERV.SYS]
Rootkit! ... [HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV.SYS]
.
----------------------\\ Files & Folders
.
C:\WINDOWS\system32\TDSSmtvd.dat
C:\WINDOWS\system32\TDSSnrsr.dat
C:\WINDOWS\system32\TDSSosvn.dat
C:\WINDOWS\system32\TDSSfpmp.dll
C:\WINDOWS\system32\TDSSlxwp.dll
C:\WINDOWS\system32\TDSStkdv.dll
C:\WINDOWS\system32\TDSSkkbi.log
C:\WINDOWS\system32\TDSSkpjp.log
C:\WINDOWS\system32\TDSStkdv.log
==> ROOTKIT Tibs <==
.
----------------------\\ Scan completed at 18:44.50
.
C:\Rooter$\Rooter_1.txt - (26/06/2009 | 18:44.50)

------------------------------------------------------------------------------------
------------------------------------------------------------------------------------

OTL logfile created on: 26/06/2009 18:57:56 - Run 2
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 153.64 Mb Available Physical Memory | 32.04% Memory free
1.14 Gb Paging File | 0.80 Gb Available in Paging File | 70.24% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 10.93 Gb Free Space | 7.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOESPC
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\System32\VTtrayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Documents and Settings\Joe\Local Settings\Application Data\Autobahn\autobahn.exe ()
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StarWindServiceAE [Auto | Running]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (s125bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s125bus.sys (MCCI Corporation)
DRV - (s125mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s125mdfl.sys (MCCI Corporation)
DRV - (s125mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s125mdm.sys (MCCI Corporation)
DRV - (s125mgmt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s125mgmt.sys (MCCI Corporation)
DRV - (s125obex [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s125obex.sys (MCCI Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ss_bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys (MCCI)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys (MCCI)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys (MCCI)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (symsnap [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (V0090VID [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\V0090Vid.sys (PixArt Imaging Inc.)
DRV - (v2imount [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\v2imount.sys (Symantec Corporation)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (VIAudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ie...en&source=iglk"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: [email protected]:4.4
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2008/11/23 02:32:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/05/02 16:03:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF [2009/05/02 16:03:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/24 01:59:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/12 19:10:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/24 01:59:51 | 00,000,000 | ---D | M]

[2008/06/01 01:08:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions
[2008/06/01 01:08:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/25 06:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\yhftx2ou.default\extensions
[2009/04/28 19:20:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\yhftx2ou.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2009/04/28 19:20:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\yhftx2ou.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/03/03 23:42:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\yhftx2ou.default\extensions\[email protected]
[2009/05/10 21:58:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\yhftx2ou.default\extensions\[email protected]
[2008/08/08 20:00:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\yhftx2ou.default\extensions\[email protected]
[2008/08/11 05:42:20 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\Mozilla\FireFox\Profiles\yhftx2ou.default\searchplugins\daemon-search.xml
[2008/04/17 16:49:46 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\Mozilla\FireFox\Profiles\yhftx2ou.default\searchplugins\youtube-video-search.xml
[2009/06/25 06:01:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 19:10:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/29 20:09:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/06/24 02:00:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/06/12 19:10:43 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 19:10:43 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/24 01:59:29 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/10/17 19:29:52 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/06/27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/12 19:10:43 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/02/25 04:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/02/25 04:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/04/29 22:29:19 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/04/29 22:29:19 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/29 22:29:19 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/04/29 22:29:19 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/29 22:29:19 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/04/29 22:29:19 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/29 22:29:19 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/29 22:29:19 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTtrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKLM..\Run: [YFgOeVQURu] C:\Documents and Settings\Joe\Local Settings\Temp\Firefox Updater OUm.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [StumbleUpon Alerter] File not found
O4 - HKCU..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Joe\Start Menu\Programs\Startup\autobahn.lnk = C:\Documents and Settings\Joe\Local Settings\Application Data\Autobahn\autobahn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/29 19:25:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[9 C:\WINDOWS\*.tmp files]
[2009/06/26 18:44:50 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/26 18:42:45 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2009/06/26 18:42:19 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Joe\Desktop\Rooter.exe
[2009/06/26 18:40:55 | 00,186,880 | ---- | C] (CEXX.ORG) -- C:\Documents and Settings\Joe\Desktop\LSPFix.exe
[2009/06/25 09:45:35 | 00,305,598 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\grave.chi
[2009/06/24 18:03:30 | 00,000,838 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Mahjongg II.lnk
[2009/06/24 18:03:25 | 00,000,000 | ---D | C] -- C:\Program Files\Novel Games
[2009/06/24 12:53:45 | 00,001,059 | ---- | C] () -- C:\Documents and Settings\Joe\Start Menu\Programs\Startup\autobahn.lnk
[2009/06/24 12:53:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Autobahn
[2009/06/24 12:46:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/06/24 10:48:47 | 00,113,584 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\avg.JPG
[2009/06/24 10:27:04 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\HijackThis.lnk
[2009/06/24 10:27:00 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/23 23:42:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2009/06/08 00:16:38 | 00,000,000 | ---D | C] -- C:\Program Files\URUSoft
[2009/06/02 23:50:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/06/02 23:50:07 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/28 18:26:51 | 00,003,051 | ---- | C] () -- C:\WINDOWS\System32\f4fa3dbbbb.ax
[2008/11/30 01:34:08 | 00,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008/11/30 01:31:19 | 00,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/11/22 00:19:13 | 00,002,351 | ---- | C] () -- C:\WINDOWS\System32\TDSStkdv.dll
[2008/11/22 00:13:05 | 00,002,351 | ---- | C] () -- C:\WINDOWS\System32\TDSSfpmp.dll
[2008/11/21 20:47:03 | 00,002,351 | ---- | C] () -- C:\WINDOWS\System32\TDSSlxwp.dll
[2008/10/15 19:10:32 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/01 15:08:36 | 00,000,838 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/06/11 12:23:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/04/30 04:55:34 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2008/04/15 17:27:08 | 00,000,656 | ---- | C] () -- C:\WINDOWS\rally.ini
[2008/03/24 04:55:40 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/03/13 03:29:01 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/03 23:42:19 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/03/03 23:42:16 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/03 23:42:16 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/03 23:42:16 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/03 23:42:15 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/03/03 23:42:15 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/03/01 19:28:27 | 00,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/01 04:11:16 | 00,061,440 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008/03/01 04:07:55 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2008/02/29 19:28:04 | 00,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 13:00:00 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/06/26 18:42:47 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2009/06/26 18:42:20 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Joe\Desktop\Rooter.exe
[2009/06/26 18:40:55 | 00,186,880 | ---- | M] (CEXX.ORG) -- C:\Documents and Settings\Joe\Desktop\LSPFix.exe
[2009/06/26 15:35:19 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/26 15:35:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/26 15:34:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/26 13:39:24 | 37,480,919 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/26 13:39:24 | 00,099,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/25 18:08:27 | 00,000,575 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\My Sharing Folders.lnk
[2009/06/25 13:55:14 | 00,059,904 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/25 09:45:37 | 00,305,598 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\grave.chi
[2009/06/24 18:03:30 | 00,000,838 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Mahjongg II.lnk
[2009/06/24 12:53:45 | 00,001,059 | ---- | M] () -- C:\Documents and Settings\Joe\Start Menu\Programs\Startup\autobahn.lnk
[2009/06/24 10:48:47 | 00,113,584 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\avg.JPG
[2009/06/24 10:27:04 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\HijackThis.lnk
[2009/06/24 10:19:51 | 00,000,394 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\Shortcut to Shared Documents.lnk
[2009/06/20 21:29:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/20 21:17:33 | 00,003,051 | ---- | M] () -- C:\WINDOWS\System32\f4fa3dbbbb.ax
[2009/05/30 13:33:39 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
< End of report >

------------------------------------------------------------------------------------
------------------------------------------------------------------------------------

OTL Extras logfile created on: 26/06/2009 18:45:42 - Run 1
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 233.71 Mb Available Physical Memory | 48.74% Memory free
1.14 Gb Paging File | 0.85 Gb Available in Paging File | 74.79% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 10.93 Gb Free Space | 7.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOESPC
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.ini [@ = GetDiz.Document] -- C:\Program Files\GetDiz\GetDiz.exe (Outertech - http://outertech.com)
.txt [@ = GetDiz.Document] -- C:\Program Files\GetDiz\GetDiz.exe (Outertech - http://outertech.com)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver (www.sopcast.com)
C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application (www.sopcast.com)
C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek ()
C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts (Zhejiang University)
C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component (TVU networks)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Disabled:Football Manager 2008 File not found
C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost File not found
C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard (Microsoft Corporation)
C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic (Gabest)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe:*:Disabled:Football Manager 2009 File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B43252C-A1E3-4C47-927C-9F2C276D3515}" = S3GSetup
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD10681F-2764-4600-885C-62F658BB3D3F}" = FMRTE
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E34E9B33-46EC-4252-A52F-DDA3978CC0AF}" = Syberia
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Autobahn" = Autobahn
"AVG8Uninstall" = AVG 8.5
"CamStudio" = CamStudio
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"Creative VF0090" = Creative WebCam Vista Plus Driver (1.02.02.0414)
"CureROM" = CureROM Pro 2.0.2
"DVD Flick_is1" = DVD Flick
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GetDiz 4.0" = GetDiz 4.0
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.8.0
"Ladbrokes Poker" = Ladbrokes Poker
"Mahjongg II_is1" = Mahjongg II 1.1.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft DirectX SDK (November 2008)" = Microsoft DirectX SDK (November 2008)
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Network Play System (Patching)" = Network Play System (Patching)
"PokerStars" = PokerStars
"PRJPRO" = Microsoft Office Project Professional 2007
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Soulseek" = SoulSeek Client 156c
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.5.1
"UndeletePlus_is1" = Undelete Plus 2.98
"VIA Vinyl Audio Codecs Driver Setup Program" = VIA Vinyl Audio Codecs Driver Setup Program
"VIA/S3G Display Driver" = VIA/S3G Display Driver
"VIA/S3G UniChrome Family Win2K/XP Display" = VIA/S3G Display Driver
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VideoLAN VLC media player 0.8.6e
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"WebDesigner" = Microsoft Expression Web
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ OSession Events ]
Error - 11/05/2008 01:14:49 | Computer Name = JOES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/05/2008 14:28:26 | Computer Name = JOES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/05/2008 14:48:08 | Computer Name = JOES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 29
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/05/2008 14:48:16 | Computer Name = JOES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/05/2008 14:48:28 | Computer Name = JOES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/06/2008 05:16:13 | Computer Name = JOES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05/09/2008 14:38:21 | Computer Name = JOES-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 226
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 05/12/2008 07:36:18 | Computer Name = JOES-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.2
with the system having network hardware address 00:12:3F:76:EB:BB. Network operations
on this system may be disrupted as a result.

Error - 05/12/2008 07:36:22 | Computer Name = JOES-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.2
with the system having network hardware address 00:12:3F:76:EB:BB. Network operations
on this system may be disrupted as a result.

Error - 05/12/2008 07:36:24 | Computer Name = JOES-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.2
with the system having network hardware address 00:12:3F:76:EB:BB. Network operations
on this system may be disrupted as a result.

Error - 05/12/2008 07:36:25 | Computer Name = JOES-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.2
with the system having network hardware address 00:12:3F:76:EB:BB. Network operations
on this system may be disrupted as a result.

Error - 05/12/2008 07:36:29 | Computer Name = JOES-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.2
with the system having network hardware address 00:12:3F:76:EB:BB. Network operations
on this system may be disrupted as a result.

Error - 07/12/2008 21:38:11 | Computer Name = JOES-PC | Source = Tcpip | ID = 4198
Description = The system detected an address conflict for IP address 192.168.1.2
with the system having network hardware address 00:12:3F:76:EB:BB. The local interface
has been disabled.

Error - 06/05/2009 12:01:50 | Computer Name = JOESPC | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft Office Document Image
Writer share name Printer3.

Error - 13/05/2009 13:21:57 | Computer Name = JOESPC | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer2.

Error - 21/05/2009 12:09:20 | Computer Name = JOESPC | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Send To OneNote 2007 share
name Printer.

Error - 30/05/2009 08:33:03 | Computer Name = JOESPC | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Send To OneNote 2007 share
name Printer.


< End of report >

------------------------------------------------------------------------------------
------------------------------------------------------------------------------------

I think that's it.

[hammerman]

Hi Pazma,

Looks like you fixed that lspfkd.dll file.

Now lets deal with the rootkit. Please follow these steps.

-- Step 1 --

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3




--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt report

-- Step 2 --

Carry out a fresh OTL scan and post the log.

[Pazma]

"Double click on Combo-Fix.exe & follow the prompts.

* When finished, it will produce a report for you.
* Please post the C:\ComboFix.txt report"

I can't, when I try to run it it says that AVG is running and it could damage my pc. I can't seem to find how to turn off AVG without uninstalling it. What do you suggest?

[hammerman]

Hi Pazma,

You need to disable AVG before running Combofix.

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.

[Pazma]

Hi, thanks again. Interestingly Combofix changed my desktop pic back to one I had ages ago. Here's the log.

ComboFix 09-06-26.02 - Joe 27/06/2009 10:31.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.353.1033.18.479.110 [GMT 1:00]
Running from: c:\documents and settings\Joe\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\patchw32.dll
c:\windows\pw32a.dll
c:\windows\system32\TDSSfpmp.dll
c:\windows\system32\TDSSkkbi.log
c:\windows\system32\TDSSkpjp.log
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSmtvd.dat
c:\windows\system32\TDSSnrsr.dat
c:\windows\system32\TDSSosvn.dat
c:\windows\system32\TDSStkdv.dll
c:\windows\system32\TDSStkdv.log

----- BITS: Possible infected sites -----

hxxp://updates.swarmcast.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-06-27 )))))))))))))))))))))))))))))))
.

2009-06-26 17:44 . 2009-06-26 17:44 -------- d-----w- C:\Rooter$
2009-06-24 17:03 . 2009-06-24 17:03 -------- d-----w- c:\program files\Novel Games
2009-06-24 11:53 . 2009-06-24 11:54 -------- d-----w- c:\documents and settings\Joe\.autobahn
2009-06-24 11:53 . 2009-06-24 11:53 -------- d-----w- c:\documents and settings\Joe\Local Settings\Application Data\Autobahn
2009-06-24 09:27 . 2009-06-24 09:27 -------- d-----w- c:\program files\Trend Micro
2009-06-24 00:59 . 2009-06-24 00:59 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-24 00:59 . 2009-06-24 00:59 152576 ----a-w- c:\documents and settings\Joe\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-23 22:42 . 2009-06-23 22:42 -------- d-----w- c:\windows\.jagex_cache_32
2009-06-07 23:16 . 2009-06-24 11:47 -------- d-----w- c:\program files\URUSoft
2009-06-03 01:02 . 2009-06-03 01:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-02 22:53 . 2009-06-02 22:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-02 22:50 . 2009-06-02 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-26 22:59 . 2008-02-29 20:27 -------- d-----w- c:\documents and settings\Joe\Application Data\uTorrent
2009-06-26 22:56 . 2009-04-30 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-25 14:32 . 2008-06-19 13:37 -------- d-----w- c:\program files\PokerStars
2009-06-24 11:46 . 2008-03-20 01:08 -------- d-----w- c:\program files\Google
2009-06-24 00:59 . 2008-02-29 18:27 -------- d-----w- c:\program files\Java
2009-06-23 04:30 . 2009-05-09 15:41 -------- d-----w- c:\documents and settings\Joe\Application Data\Microgaming
2009-06-13 05:10 . 2008-02-29 20:47 -------- d-----w- c:\program files\Soulseek
2009-06-03 12:52 . 2008-03-01 17:40 -------- d-----w- c:\program files\Bonjour
2009-06-03 12:51 . 2008-11-07 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive
2009-05-19 19:46 . 2009-05-19 19:46 -------- d-----w- c:\program files\TouchStoneSoftware
2009-05-15 13:10 . 2008-09-20 14:34 -------- d-----w- c:\program files\Microsoft Silverlight
2009-05-15 13:04 . 2008-03-01 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-09 16:22 . 2009-04-30 05:06 -------- d-----w- c:\documents and settings\Joe\Application Data\AVGTOOLBAR
2009-05-09 12:44 . 2009-05-09 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
2009-05-09 12:44 . 2008-03-01 15:07 -------- d-----w- c:\program files\TVUPlayer
2009-05-09 12:41 . 2009-05-09 12:41 5588312 ----a-w- c:\documents and settings\Joe\Application Data\TVU networks\TVU AutoUpgrade\TVUPlayer2.4.5.1.exe
2009-05-04 14:07 . 2009-05-10 20:58 2298680 ----a-w- c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\yhftx2ou.default\extensions\[email protected]\plugins\npTVUAx.dll
2009-05-02 16:13 . 2008-03-01 14:53 -------- d-----w- c:\program files\TVAnts
2009-05-02 15:01 . 2009-04-30 05:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-02 15:01 . 2008-02-29 20:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-02 15:01 . 2009-04-30 05:06 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 15:00 . 2009-04-30 05:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-30 05:06 . 2008-02-29 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-04-30 05:06 . 2009-04-30 05:06 -------- d-----w- c:\program files\AVG
.

------- Sigcheck -------

[7] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
[-] 2008-07-17 01:08 360320 3ADCE4790F591BF160A94F6F08039577 c:\windows\system32\dllcache\TCPIP.SYS
[-] 2008-07-17 01:08 360320 3ADCE4790F591BF160A94F6F08039577 c:\windows\system32\drivers\TCPIP.SYS

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-02 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 450560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-02 1947928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-24 148888]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-14 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2007-04-25 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Joe\Start Menu\Programs\Startup\
autobahn.lnk - c:\documents and settings\Joe\Local Settings\Application Data\Autobahn\autobahn.exe [2009-6-2 710360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-02 15:01 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30/04/2009 06:06 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30/04/2009 06:06 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [30/04/2009 06:06 298776]
S3 V0090VID;Creative WebCam Vista Plus;c:\windows\system32\drivers\V0090Vid.sys [01/03/2008 04:25 138112]
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-06-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-02 22:50]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-StumbleUpon Alerter - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {7F170028-5356-4B77-9776-8D45A7C1B4D8} = 192.168.1.2,192.168.1.1
FF - ProfilePath - c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\yhftx2ou.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/ig?hl=en&source=iglk
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Joe\Application Data\Mozilla\Firefox\Profiles\yhftx2ou.default\extensions\[email protected]\plugins\npTVUAx.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-27 10:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1614895754-412668190-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*e*ê*l%\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4028)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-27 10:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-27 09:46

Pre-Run: 14,831,665,152 bytes free
Post-Run: 16,316,715,008 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

197 --- E O F --- 2009-05-15 13:09

[hammerman]

Hi Pazma,

Could you do the OTL scan and post the log.

Thanks.

[Pazma]

Oh yea, sorry about that, I forgot. Here it is:

OTL logfile created on: 27/06/2009 15:25:57 - Run 3
OTL by OldTimer - Version 3.0.5.3 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

479.48 Mb Total Physical Memory | 252.91 Mb Available Physical Memory | 52.75% Memory free
1.14 Gb Paging File | 0.85 Gb Available in Paging File | 74.02% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 15.04 Gb Free Space | 10.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOESPC
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
PRC - C:\WINDOWS\System32\VTtrayp.exe (S3 Graphics Co., Ltd.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Documents and Settings\Joe\Local Settings\Application Data\Autobahn\autobahn.exe ()
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (StarWindServiceAE [Auto | Running]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AmdK8 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\AmdK8.sys (Advanced Micro Devices)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (catchme [On_Demand | Running]) -- File not found
DRV - (FETND5BV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (s125bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s125bus.sys (MCCI Corporation)
DRV - (s125mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s125mdfl.sys (MCCI Corporation)
DRV - (s125mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s125mdm.sys (MCCI Corporation)
DRV - (s125mgmt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s125mgmt.sys (MCCI Corporation)
DRV - (s125obex [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\s125obex.sys (MCCI Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ss_bus [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_bus.sys (MCCI)
DRV - (ss_mdfl [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys (MCCI)
DRV - (ss_mdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ss_mdm.sys (MCCI)
DRV - (StarOpen [System | Running]) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (symsnap [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (V0090VID [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\V0090Vid.sys (PixArt Imaging Inc.)
DRV - (v2imount [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\v2imount.sys (Symantec Corporation)
DRV - (viaagp1 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.)
DRV - (viagfx [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\vtmini.sys (Copyright © VIA/S3 Graphics Co, Ltd.)
DRV - (VIAudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.ie...en&source=iglk"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.19
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: [email protected]:4.4
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {37fa1426-b82d-11db-8314-0800200c9a66}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2008/11/23 02:32:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/05/02 16:03:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1d5287d1-8a92-0001-1f31-1cec198018d8}: C:\Program Files\AVG\AVG8\ToolbarFF [2009/05/02 16:03:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/06/24 01:59:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/12 19:10:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/24 01:59:51 | 00,000,000 | ---D | M]

[2008/06/01 01:08:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions
[2008/06/01 01:08:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/25 06:01:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\yhftx2ou.default\extensions
[2009/04/28 19:20:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\yhftx2ou.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}
[2009/04/28 19:20:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\yhftx2ou.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2008/03/03 23:42:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\yhftx2ou.default\extensions\[email protected]
[2009/05/10 21:58:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\yhftx2ou.default\extensions\[email protected]
[2008/08/08 20:00:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Application Data\mozilla\Firefox\Profiles\yhftx2ou.default\extensions\[email protected]
[2008/08/11 05:42:20 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\Mozilla\FireFox\Profiles\yhftx2ou.default\searchplugins\daemon-search.xml
[2008/04/17 16:49:46 | 00,002,109 | ---- | M] () -- C:\Documents and Settings\Joe\Application Data\Mozilla\FireFox\Profiles\yhftx2ou.default\searchplugins\youtube-video-search.xml
[2009/06/25 06:01:36 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 19:10:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/02/29 20:09:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/06/24 02:00:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/06/12 19:10:43 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 19:10:43 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/24 01:59:29 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/10/17 19:29:52 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/06/27 17:03:12 | 01,446,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/06/12 19:10:43 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/02/25 04:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/11/01 01:16:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/02/25 04:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/04/29 22:29:19 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/04/29 22:29:19 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/29 22:29:19 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/04/29 22:29:19 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/29 22:29:19 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/04/29 22:29:19 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/29 22:29:19 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/29 22:29:19 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Program Files\AVG\AVG8\avgtoolbar.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\VTtrayp.exe (S3 Graphics Co., Ltd.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Joe\Start Menu\Programs\Startup\autobahn.lnk = C:\Documents and Settings\Joe\Local Settings\Application Data\Autobahn\autobahn.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Ladbrokes Poker - {C2A80015-C447-4dc4-82DD-AED83D6ED57E} - C:\Microgaming\Poker\ladbrokesMPP\MPPoker.exe (Microgaming)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/29 19:25:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[9 C:\WINDOWS\*.tmp files]
[2009/06/27 11:02:50 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/06/27 10:44:43 | 01,580,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\sfcfiles.dll
[2009/06/27 10:44:43 | 00,986,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kernel32.dll
[2009/06/27 10:44:43 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\termsrv.dll
[2009/06/27 10:44:43 | 00,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\imm32.dll
[2009/06/27 10:44:43 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\spoolsv.exe
[2009/06/27 10:44:43 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wuauclt.exe
[2009/06/27 10:44:43 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\userinit.exe
[2009/06/27 10:44:43 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\kbdclass.sys
[2009/06/27 10:44:43 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\powrprof.dll
[2009/06/27 10:44:43 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ctfmon.exe
[2009/06/27 10:44:42 | 02,180,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntoskrnl.exe
[2009/06/27 10:44:42 | 02,057,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ntkrnlpa.exe
[2009/06/27 10:44:42 | 01,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\explorer.exe
[2009/06/27 10:44:42 | 00,659,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\wininet.dll
[2009/06/27 10:44:42 | 00,577,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\user32.dll
[2009/06/27 10:44:42 | 00,502,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\winlogon.exe
[2009/06/27 10:44:42 | 00,182,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ndis.sys
[2009/06/27 10:44:42 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\services.exe
[2009/06/27 10:44:42 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ws2_32.dll
[2009/06/27 10:44:42 | 00,029,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\ip6fw.sys
[2009/06/27 10:44:42 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\svchost.exe
[2009/06/27 10:44:42 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cache\lsass.exe
[2009/06/27 10:44:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/06/27 10:28:17 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/06/27 10:28:12 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/06/27 10:28:06 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/06/27 10:25:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/06/27 10:25:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/06/27 10:25:33 | 00,155,136 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/06/27 10:25:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/06/27 10:25:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/27 10:25:33 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/27 10:25:33 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/06/27 10:25:33 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/06/26 23:52:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/26 23:51:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/06/26 23:50:02 | 03,042,087 | R--- | C] () -- C:\Documents and Settings\Joe\Desktop\Combo-Fix.exe
[2009/06/26 18:44:50 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/26 18:42:45 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2009/06/26 18:42:19 | 00,173,119 | ---- | C] (Eric_71) -- C:\Documents and Settings\Joe\Desktop\Rooter.exe
[2009/06/26 18:40:55 | 00,186,880 | ---- | C] (CEXX.ORG) -- C:\Documents and Settings\Joe\Desktop\LSPFix.exe
[2009/06/25 09:45:35 | 00,305,598 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\grave.chi
[2009/06/24 18:03:30 | 00,000,838 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\Mahjongg II.lnk
[2009/06/24 18:03:25 | 00,000,000 | ---D | C] -- C:\Program Files\Novel Games
[2009/06/24 12:53:45 | 00,001,059 | ---- | C] () -- C:\Documents and Settings\Joe\Start Menu\Programs\Startup\autobahn.lnk
[2009/06/24 12:53:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Autobahn
[2009/06/24 12:46:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/06/24 10:48:47 | 00,113,584 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\avg.JPG
[2009/06/24 10:27:04 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Joe\Desktop\HijackThis.lnk
[2009/06/24 10:27:00 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/06/23 23:42:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2009/06/08 00:16:38 | 00,000,000 | ---D | C] -- C:\Program Files\URUSoft
[2009/06/02 23:50:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/06/02 23:50:07 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/05/28 18:26:51 | 00,003,051 | ---- | C] () -- C:\WINDOWS\System32\f4fa3dbbbb.ax
[2008/10/15 19:10:32 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/09/01 15:08:36 | 00,000,838 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008/06/11 12:23:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI
[2008/04/30 04:55:34 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2008/04/15 17:27:08 | 00,000,656 | ---- | C] () -- C:\WINDOWS\rally.ini
[2008/03/24 04:55:40 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/03/13 03:29:01 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/03 23:42:19 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/03/03 23:42:16 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/03 23:42:16 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/03 23:42:16 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/03 23:42:15 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/03/03 23:42:15 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/03/01 19:28:27 | 00,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/01 04:11:16 | 00,061,440 | R--- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2008/03/01 04:07:55 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2008/02/29 19:28:04 | 00,000,996 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/04 13:00:00 | 00,000,582 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 13:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/06/27 14:38:22 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/27 11:27:02 | 00,062,464 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/27 10:40:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/27 10:39:31 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/06/27 10:39:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/27 10:39:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/27 10:28:17 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/06/27 10:18:25 | 37,519,641 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/06/27 10:18:25 | 00,099,574 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/06/26 23:50:38 | 03,042,087 | R--- | M] () -- C:\Documents and Settings\Joe\Desktop\Combo-Fix.exe
[2009/06/26 18:42:47 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2009/06/26 18:42:20 | 00,173,119 | ---- | M] (Eric_71) -- C:\Documents and Settings\Joe\Desktop\Rooter.exe
[2009/06/26 18:40:55 | 00,186,880 | ---- | M] (CEXX.ORG) -- C:\Documents and Settings\Joe\Desktop\LSPFix.exe
[2009/06/25 18:08:27 | 00,000,575 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\My Sharing Folders.lnk
[2009/06/25 09:45:37 | 00,305,598 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\grave.chi
[2009/06/24 18:03:30 | 00,000,838 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\Mahjongg II.lnk
[2009/06/24 12:53:45 | 00,001,059 | ---- | M] () -- C:\Documents and Settings\Joe\Start Menu\Programs\Startup\autobahn.lnk
[2009/06/24 10:48:47 | 00,113,584 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\avg.JPG
[2009/06/24 10:27:04 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Joe\Desktop\HijackThis.lnk
[2009/06/24 10:19:51 | 00,000,394 | ---- | M] () -- C:\Documents and Settings\Joe\My Documents\Shortcut to Shared Documents.lnk
[2009/06/20 21:29:16 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/20 21:17:33 | 00,003,051 | ---- | M] () -- C:\WINDOWS\System32\f4fa3dbbbb.ax
[2009/06/08 08:10:10 | 00,155,136 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/05/30 13:33:39 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
< End of report >

[hammerman]

Hi Pazma,

Your logs look a lot better now. A few more checks to make sure.

-- Step 1 --

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  
  :Services
  
  :Reg
  
  :Files
  C:\WINDOWS\System32\f4fa3dbbbb.ax
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post the report file produced by this fix.

-- Step 2 --

I notice you are running the Peer-to-Peer (P2P) program uTorrent. The files shared by P2P programs are often infected with viruses and malware, even though they may appear to be legitimate. It is your decision but I would not recommend you use P2P programs and you uninstall uTorrent. If you need any assistance with this, please let me know.

An article indicating the Dangers of P2P can be found here

-- Step 3 --

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.

-- Step 4 --

Your Adobe Acrobat Reader is out of date. Older versions are vunerable to attack.

Please go to the link below to update.

http://www.adobe.com.../readstep2.html

-- Step 5 --

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
• The scan may take some time to finish,so please be patient.
• When the scan is complete, click OK, then Show Results to view the results.
• Make sure that everything is checked, and click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

-- Step 6 --

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then begin downloading the latest definition files:
• Once the files have been downloaded click on NEXT
  
• Now click on Scan Settings
• In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  Extended (if available otherwise Standard)
  
  • Scan Options:
  Scan Archives
  Scan Mail Bases
• Click OK
• Now under select a target to scan:Select My Computer
• This will program will start and scan your system.
• The scan will take a while so be patient and let it run.
• Once the scan is complete it will display if your system has been infected.
  
  • Now click on the Save as Text button:
• Save the file to your desktop.
• Copy and paste that information in your next post.

Your reply should include
1. the OTL fix report
2. the MBAM report
3. the Kaspersky report

Can you also tell me how your computer is running now.
Thanks.

[hammerman]

Do you need any more assistance Pazma?

Edited by hammerman, 02 July 2009 - 12:13 AM.

[Pazma]

Oh sorry, I've been so busy around here that I've completely forgot to post. I think I'm o.k for now thanks, the pc is running well and I'll have a new one soon so it's a bit irrelevant to fix up this.

Thanks guys for all your help, sorry again for not getting back to ya.

Topic closed.