Jump to content

Free help from tech experts
Welcome to Geeks to Go forums. Create an account now to gain access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing topics, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. Best of all, registration and all assistance is 100% free! This message, and all ads will be removed once you have signed in.
Sign In Create Account

Fake anti-virus software won't let me run anything [Solved]


  • This topic is locked This topic is locked

#1
Smashley76

Smashley76

    Member

  • Member
  • PipPip
  • 21 posts
I started reading up on it and tried the various easy solutions, I'm pretty good with computers but, when you start talking about codes & stuff, it's over my head. Like, I have no idea what a HijackThis log or whatever is. I have installed and ran: SUPERAntiSpyware, Malwarebytes, ATG, & SmitFraudFix to no avail. Yes, I have followed the directions very carefully and it still did not work. I've tried to run my AVG but, all it gives me is a prompt screen to do it in Safe Mode and takes forever.

I have to restart into safe mode and works. I can continue to do my work in safe mode but, I don't want my laptop to be in safe mode for the rest of it's life.

Can someone PLEASE help? :)

Here is the OTS Report.

Thank you! :)


OTS logfile created on: 6/30/2010 12:36:23 PM - Run 4
OTS by OldTimer - Version 3.1.20.1	 Folder = C:\Users\Smashley\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,013.00 Mb Total Physical Memory | 579.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 52.40 Gb Free Space | 47.50% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SMASH2THELEY
Current User Name: Smashley
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
avastui.exe -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe -> [2010/03/09 05:24:10 | 002,769,336 | ---- | M] (ALWIL Software)
ots.exe -> C:\Users\Smashley\Downloads\OTS.exe -> [2010/02/07 12:43:50 | 000,632,320 | ---- | M] (OldTimer Tools)
unsecapp.exe -> C:\Windows\System32\wbem\unsecapp.exe -> [2009/04/11 01:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
ots.exe -> C:\Users\Smashley\Downloads\OTS.exe -> [2010/02/07 12:43:50 | 000,632,320 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll -> [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(avg9wd) AVG Free WatchDog [Auto | Stopped] -> C:\Program Files\AVG\AVG9\avgwdsvc.exe -> [2010/06/30 12:25:58 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.)
(WPFFontCache_v0400) Windows Presentation Foundation Font Cache 4.0.0.0 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -> [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(ACDaemon) ArcSoft Connect Daemon [Auto | Stopped] -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -> [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.)
(avast! Web Scanner) avast! Web Scanner [On_Demand | Stopped] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software)
(avast! Mail Scanner) avast! Mail Scanner [On_Demand | Stopped] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software)
(avast! Antivirus) avast! Antivirus [Auto | Stopped] -> C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -> [2010/03/09 05:24:08 | 000,040,384 | ---- | M] (ALWIL Software)
(FontCache) Windows Font Cache Service [On_Demand | Stopped] -> C:\Windows\System32\FntCache.dll -> [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation)
(avg8emc) AVG Free8 E-mail Scanner [Auto | Stopped] -> C:\Program Files\AVG\AVG8\avgemc.exe -> [2009/08/28 09:28:50 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avg8wd) AVG Free8 WatchDog [Auto | Stopped] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/28 09:28:39 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(McciCMService) McciCMService [Auto | Stopped] -> C:\Program Files\Common Files\Motive\McciCMService.exe -> [2009/08/14 08:45:34 | 000,319,488 | ---- | M] (Alcatel-Lucent)
(EMP_UDSA) EMP_UDSA [Auto | Stopped] -> C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe -> [2009/04/15 19:16:44 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION)
(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation)
(WcesComm) Windows Mobile 2003-based device connectivity [Auto | Stopped] -> C:\Windows\WindowsMobile\wcescomm.dll -> [2008/01/19 02:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation)
(RapiMgr) Windows Mobile-based device connectivity [Auto | Stopped] -> C:\Windows\WindowsMobile\rapimgr.dll -> [2008/01/19 02:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation)
(WLSetupSvc) Windows Live Setup Service [On_Demand | Stopped] -> C:\Program Files\Windows Live\installer\WLSetupSvc.exe -> [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation)
(gusvc) Google Updater Service [On_Demand | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2007/05/08 20:30:26 | 000,138,168 | ---- | M] (Google)
(TNaviSrv) TOSHIBA Navi Support Service [Auto | Stopped] -> C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -> [2007/04/27 22:15:46 | 000,114,688 | ---- | M] (TOSHIBA Corporation)
(hpqcxs08) hpqcxs08 [On_Demand | Stopped] -> C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -> [2007/03/13 03:23:18 | 000,225,280 | ---- | M] (Hewlett-Packard Co.)
(hpqddsvc) HP CUE DeviceDiscovery Service [Auto | Stopped] -> C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -> [2007/03/13 03:23:18 | 000,131,072 | ---- | M] (Hewlett-Packard Co.)
(TOSHIBA Bluetooth Service) TOSHIBA Bluetooth Service [Auto | Stopped] -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -> [2007/02/02 17:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION)
(Swupdtmr) Swupdtmr [Auto | Stopped] -> c:\Toshiba\IVP\swupdate\swupdtmr.exe -> [2007/01/25 20:50:26 | 000,063,096 | ---- | M] ()
(pinger) pinger [Auto | Stopped] -> C:\Toshiba\IVP\ISM\pinger.exe -> [2007/01/25 20:47:50 | 000,136,816 | ---- | M] ()
(TosCoSrv) TOSHIBA Power Saver [Auto | Stopped] -> C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -> [2006/12/20 02:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation)
(CFSvcs) ConfigFree Service [Auto | Stopped] -> C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -> [2006/11/14 23:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION)
(Pml Driver HPZ12) Pml Driver HPZ12 [Auto | Stopped] -> C:\Windows\System32\HPZipm12.dll -> [2006/11/08 17:35:38 | 000,053,248 | ---- | M] (Hewlett-Packard)
(Net Driver HPZ12) Net Driver HPZ12 [Auto | Stopped] -> C:\Windows\System32\HPZinw12.dll -> [2006/11/08 17:35:36 | 000,043,520 | ---- | M] (Hewlett-Packard)
(ehstart) Windows Media Center Service Launcher [Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation)
(AgereModemAudio) Agere Modem Call Progress Audio [Auto | Stopped] -> C:\Windows\System32\agrsmsvc.exe -> [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems)
(UleadBurningHelper) Ulead Burning Helper [Auto | Stopped] -> C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -> [2006/08/23 19:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.)
(TODDSrv) TOSHIBA Optical Disc Drive Service [Auto | Stopped] -> C:\Windows\System32\TODDSrv.exe -> [2006/05/25 21:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation)
 
[Driver Services - Safe List]
(AvgTdiX) AVG Free Network Redirector [Kernel | System | Stopped] -> C:\Windows\System32\Drivers\avgtdix.sys -> [2010/06/30 12:26:17 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Stopped] -> C:\Windows\System32\Drivers\avgldx86.sys -> [2010/06/30 12:26:15 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Stopped] -> C:\Windows\System32\Drivers\avgmfx86.sys -> [2010/06/30 12:26:14 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
(aswTdi) avast! Network Shield Support [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswTdi.sys -> [2010/03/09 05:12:54 | 000,046,672 | ---- | M] (ALWIL Software)
(aswSP) aswSP [Kernel | System | Stopped] -> C:\Windows\System32\drivers\aswSP.sys -> [2010/03/09 05:12:33 | 000,162,640 | ---- | M] (ALWIL Software)
(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\System32\drivers\aswRdr.sys -> [2010/03/09 05:09:08 | 000,023,376 | ---- | M] (ALWIL Software)
(aswMonFlt) aswMonFlt [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswMonFlt.sys -> [2010/03/09 05:08:52 | 000,051,792 | ---- | M] (ALWIL Software)
(aswFsBlk) aswFsBlk [File_System | Auto | Stopped] -> C:\Windows\System32\drivers\aswFsBlk.sys -> [2010/03/09 05:08:30 | 000,019,024 | ---- | M] (ALWIL Software)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files\SUPERAntiSpyware\sasenum.sys -> [2010/01/05 08:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASDIFSV) SASDIFSV [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/01/05 08:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASKUTIL) SASKUTIL [Kernel | System | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/01/05 08:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(prmvmouse) Promethean HID Mouse Service [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\activmouse.sys -> [2009/10/05 17:56:52 | 000,006,144 | ---- | M] (Promethean Technologies Ltd)
(ActivHidSerMini) Promethean Serial Board Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\activhidsermini.sys -> [2009/05/05 17:25:12 | 000,055,936 | ---- | M] (Promethean Technologies Ltd)
(usb_rndisx) USB RNDIS Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\usb8023x.sys -> [2009/04/10 23:46:08 | 000,015,872 | ---- | M] (Microsoft Corporation)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\Windows\System32\Drivers\PxHelp20.sys -> [2008/11/20 14:19:06 | 000,043,872 | ---- | M] (Sonic Solutions)
(eppvad_simple) EPSON Projector UD Audio Device [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\EMP_UDAU.sys -> [2008/05/14 20:06:06 | 000,017,664 | ---- | M] (SEIKO EPSON CORPORATION)
(NETw4v32) Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\NETw4v32.sys -> [2007/09/26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation)
(tos_sps32) TOSHIBA tos_sps32 Service [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\tos_sps32.sys -> [2007/04/27 22:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation)
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\RTKVHDA.sys -> [2007/02/06 21:44:14 | 001,739,816 | ---- | M] (Realtek Semiconductor Corp.)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\SynTP.sys -> [2007/02/02 17:05:18 | 000,182,328 | ---- | M] (Synaptics, Inc.)
(tifm21) tifm21 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\tifm21.sys -> [2007/01/24 17:44:06 | 000,290,304 | ---- | M] (Texas Instruments)
(yukonwlh) NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\yk60x86.sys -> [2007/01/09 13:00:00 | 000,221,696 | ---- | M] (Marvell)
(KR3NPXP) KR3NPXP [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\kr3npxp.sys -> [2007/01/03 03:43:19 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION)
(KR10N) KR10N [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\kr10n.sys -> [2007/01/03 03:43:19 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION)
(KR10I) KR10I [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\kr10i.sys -> [2007/01/03 03:43:18 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION)
(AgereSoftModem) TOSHIBA V92 Software Modem [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\AGRSM.sys -> [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems)
(FwLnk) FwLnk Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\FwLnk.sys -> [2006/11/20 01:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation)
(ql2300) QLogic Fibre Channel Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql2300.sys -> [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation)
(adp94xx) adp94xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adp94xx.sys -> [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.)
(elxstor) elxstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\elxstor.sys -> [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex)
(adpahci) adpahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpahci.sys -> [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.)
(uliahci) uliahci [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\uliahci.sys -> [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.)
(iaStorV) Intel RAID Controller Vista [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iastorv.sys -> [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
(adpu320) adpu320 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu320.sys -> [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.)
(ulsata2) ulsata2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata2.sys -> [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.)
(vsmraid) vsmraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\vsmraid.sys -> [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd)
(ql40xx) QLogic iSCSI Miniport Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ql40xx.sys -> [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation)
(UlSata) UlSata [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ulsata.sys -> [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.)
(adpu160m) adpu160m [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\adpu160m.sys -> [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.)
(nvraid) nvraid [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvraid.sys -> [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation)
(nfrd960) nfrd960 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nfrd960.sys -> [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation)
(iirsp) iirsp [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iirsp.sys -> [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH)
(SiSRaid4) SiSRaid4 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid4.sys -> [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems)
(nvstor) nvstor [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\nvstor.sys -> [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
(aic78xx) aic78xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\djsvs.sys -> [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.)
(arcsas) arcsas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arcsas.sys -> [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(LSI_SCSI) LSI_SCSI [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_scsi.sys -> [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic)
(SiSRaid2) SiSRaid2 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sisraid2.sys -> [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.)
(HpCISSs) HpCISSs [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\hpcisss.sys -> [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company)
(arc) arc [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\arc.sys -> [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.)
(iteraid) ITERAID_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteraid.sys -> [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(iteatapi) ITEATAPI_Service_Install [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\iteatapi.sys -> [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.)
(LSI_SAS) LSI_SAS [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_sas.sys -> [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic)
(Symc8xx) Symc8xx [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\symc8xx.sys -> [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic)
(LSI_FC) LSI_FC [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\lsi_fc.sys -> [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic)
(Sym_u3) Sym_u3 [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_u3.sys -> [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic)
(Mraid35x) Mraid35x [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\mraid35x.sys -> [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation)
(Sym_hi) Sym_hi [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\sym_hi.sys -> [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic)
(megasas) megasas [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\megasas.sys -> [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation)
(viaide) viaide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\viaide.sys -> [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.)
(cmdide) cmdide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\cmdide.sys -> [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.)
(aliide) aliide [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\aliide.sys -> [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.)
(Brserid) Brother MFC Serial Port Interface Driver (WDM) [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserid.sys -> [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.)
(BrSerWdm) Brother WDM Serial driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brserwdm.sys -> [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.)
(BrUsbMdm) Brother MFC USB Fax Only Modem [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\brusbmdm.sys -> [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.)
(ntrigdigi) N-trig HID Tablet Driver [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ntrigdigi.sys -> [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies)
(secdrv) Security Driver [Kernel | Auto | Stopped] -> C:\Windows\System32\drivers\secdrv.sys -> [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(tdcmdpst) TOSHIBA Writing Engine Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\tdcmdpst.sys -> [2006/10/18 14:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.)
(TVALZ) TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver [Kernel | Boot | Running] -> C:\Windows\system32\DRIVERS\TVALZ_O.SYS -> [2006/10/06 01:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Search\\"CustomSearch" -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/*http://www.yahoo.com/ext/search/search.html -> 
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 
HKEY_USERS\.DEFAULT\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 
HKEY_USERS\S-1-5-18\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\] > -> -> 
HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\: Main\\"StartPageCache" -> 1 -> 
HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s -> 
HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\: URLSearchHooks\\"{A3BC75A2-1F87-4686-AA43-5347D756017C}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\: "ProxyEnable" -> 1 -> 
HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\: "ProxyOverride" -> <local> -> 
HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\: "ProxyServer" -> http=127.0.0.1:5577 -> 
< FireFox Settings [Prefs.js] > -> C:\Users\Smashley\AppData\Roaming\Mozilla\FireFox\Profiles\vtup31pg.default\prefs.js -> 
browser.search.defaultenginename -> "Yahoo! Search" ->
browser.search.defaulturl -> "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" ->
browser.search.selectedEngine -> "Bing" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://weather.yahoo.com/forecast/USLA0319_f.html" ->
extensions.enabledItems -> artur.dubovoy@gmail.com:2.0.6 ->
extensions.enabledItems -> moveplayer@movenetworks.com:1.0.0.07076007 ->
extensions.enabledItems -> {5b1fdac4-a239-4933-9c52-b65a2a720b75}:2.3 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 ->
extensions.enabledItems -> DeviceDetection@logitech.com:1.0.176.0 ->
extensions.enabledItems -> {c2db4fe6-8409-45ce-8010-189a7b5cce86}:2.6.0.15 ->
keyword.URL -> "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=" ->
network.proxy.type -> 4 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files\AVG\AVG9\Firefox [C:\PROGRAM FILES\AVG\AVG9\FIREFOX] -> [2010/06/30 12:25:58 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\avg@igeared -> C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [C:\PROGRAM FILES\AVG\AVG9\TOOLBAR\FIREFOX\AVG@IGEARED] -> [2010/06/30 12:26:11 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/06/29 19:34:40 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/06/29 19:34:40 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\Smashley\AppData\Roaming\Mozilla\Extensions -> [2009/03/08 13:09:11 | 000,000,000 | ---D | M]
  -> C:\Users\Smashley\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org -> [2009/03/08 13:09:11 | 000,000,000 | ---D | M]
  -> C:\Users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions -> [2010/06/29 19:45:08 | 000,000,000 | ---D | M]
Picnik   -> C:\Users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{5b1fdac4-a239-4933-9c52-b65a2a720b75} -> [2008/08/23 16:46:10 | 000,000,000 | ---D | M]
Yahoo! Toolbar   -> C:\Users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2010/03/24 19:21:33 | 000,000,000 | ---D | M]
NCH Toolbar   -> C:\Users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86} -> [2010/04/29 17:24:03 | 000,000,000 | ---D | M]
  -> C:\Users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\artur.dubovoy@gmail.com -> [2010/05/30 11:25:41 | 000,000,000 | ---D | M]
  -> C:\Users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\DeviceDetection@logitech.com -> [2010/04/05 13:51:59 | 000,000,000 | ---D | M]
  -> C:\Users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\moveplayer@movenetworks.com -> [2008/02/15 22:28:12 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > -> 
 bing.xml -> C:\Users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\searchplugins\bing.xml -> [2010/04/06 02:49:06 | 000,001,820 | ---- | M] ()
 photobucket.xml -> C:\Users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\searchplugins\photobucket.xml -> [2010/04/06 02:50:35 | 000,002,270 | ---- | M] ()
 siteadvisor.xml -> C:\Users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\searchplugins\siteadvisor.xml -> [2007/11/26 06:15:09 | 000,002,386 | ---- | M] ()
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2010/04/26 20:24:47 | 000,000,000 | ---D | M]
Smart Notebook Extension   -> C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262} -> [2010/01/21 16:04:41 | 000,000,000 | ---D | M]
  -> C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org -> [2008/08/27 21:15:44 | 000,000,000 | ---D | M]
< HOSTS File > (761 bytes and 20 lines) -> C:\Windows\System32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1	   localhost
::1			 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2010/04/02 07:03:56 | 000,061,888 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2010/06/30 12:26:04 | 001,484,056 | ---- | M] (AVG Technologies CZ, s.r.o.)
{67BCF957-85FC-4036-8DC4-D4D80E00A77B} [HKLM] -> C:\Program Files\SMART Technologies\Notebook Software\NotebookPlugin.dll [CIEDownload Object] -> [2008/04/03 04:41:02 | 000,599,336 | ---- | M] (SMART Technologies ULC.)
{A3BC75A2-1F87-4686-AA43-5347D756017C} [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar BHO] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/10/11 05:17:29 | 000,041,760 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\] > -> HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\Software\Microsoft\Internet Explorer\Toolbar\ -> 
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [AVG Security Toolbar] -> [2009/11/25 13:01:54 | 001,230,080 | ---- | M] ()
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"00TCrdMain" -> C:\Program Files\Toshiba\FlashCards\TCrdMain.exe [%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe] -> [2007/01/17 16:46:32 | 000,534,648 | ---- | M] (TOSHIBA Corporation)
"ActivControl" -> C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe [C:\Program Files\Activ Software\ActivDriver\ActivControl2.exe] -> [2009/10/22 16:44:14 | 001,088,800 | ---- | M] (Promethean Technologies Group Ltd)
"Adobe ARM" -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2010/03/24 13:17:47 | 000,952,768 | ---- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2010/04/02 13:05:30 | 000,040,368 | ---- | M] (Adobe Systems Incorporated)
"ArcSoft Connection Service" -> C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe] -> [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.)
"avast5" -> C:\Program Files\Alwil Software\Avast5\AvastUI.exe [C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui] -> [2010/03/09 05:24:10 | 002,769,336 | ---- | M] (ALWIL Software)
"AVG9_TRAY" -> C:\Program Files\AVG\AVG9\avgtray.exe [C:\PROGRA~1\AVG\AVG9\avgtray.exe] -> [2010/06/30 12:26:02 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.)
"Camera Assistant Software" -> C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe ["C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"] -> [2007/02/13 09:30:24 | 000,405,504 | ---- | M] (Chicony)
"CamWizard" -> C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe [C:\Program Files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe] -> [2005/05/13 13:42:52 | 000,184,320 | ---- | M] (Logitech Inc.)
"EPSON_UD_START" -> C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe ["C:\Program Files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" -UDCONNECT] -> [2009/04/15 18:47:58 | 000,329,632 | ---- | M] (SEIKO EPSON CORPORATION)
"GoBoingo" -> C:\Program Files\Alltel\GoBoingo\AlltelWifi.exe [C:\Program Files\Alltel\GoBoingo\AlltelWifi.exe] -> [2007/10/02 17:51:54 | 000,324,912 | ---- | M] (Boingo Wireless, Inc.)
"HotKeysCmds" -> C:\Windows\System32\hkcmd.exe [C:\Windows\system32\hkcmd.exe] -> [2007/03/13 13:34:02 | 000,154,392 | ---- | M] (Intel Corporation)
"hpqSRMon" -> C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe [C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe] -> [2008/08/20 11:54:08 | 000,150,016 | ---- | M] (Hewlett-Packard)
"HSON" -> C:\Program Files\Toshiba\TBS\HSON.exe [%ProgramFiles%\TOSHIBA\TBS\HSON.exe] -> [2006/12/07 19:49:20 | 000,055,416 | ---- | M] (TOSHIBA Corporation)
"IgfxTray" -> C:\Windows\System32\igfxtray.exe [C:\Windows\system32\igfxtray.exe] -> [2007/03/13 13:34:24 | 000,138,008 | ---- | M] (Intel Corporation)
"LogitechVideoRepair" -> C:\Program Files\Logitech\Video\ISStart.exe [C:\Program Files\Logitech\Video\ISStart.exe ] -> [2005/06/08 15:24:32 | 000,458,752 | ---- | M] (Logitech Inc.)
"LogitechVideoTray" -> C:\Program Files\Logitech\Video\LogiTray.exe [C:\Program Files\Logitech\Video\LogiTray.exe] -> [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.)
"LVCOMSX" -> C:\Windows\System32\LVCOMSX.EXE [C:\Windows\system32\LVCOMSX.EXE] -> [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2010/01/07 17:07:10 | 001,394,000 | ---- | M] (Malwarebytes Corporation)
"NDSTray.exe" ->  [NDSTray.exe] -> File not found
"Persistence" -> C:\Windows\System32\igfxpers.exe [C:\Windows\system32\igfxpers.exe] -> [2007/03/13 13:34:16 | 000,133,912 | ---- | M] (Intel Corporation)
"QuickTime Task" -> C:\Program Files\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/01/31 23:13:08 | 000,385,024 | ---- | M] (Apple Inc.)
"RtHDVCpl" -> C:\Windows\RtHDVCpl.exe [RtHDVCpl.exe] -> [2007/02/06 20:50:08 | 004,374,528 | ---- | M] (Realtek Semiconductor)
"sealmon.exe" -> C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe [C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe] -> [2010/01/13 20:19:12 | 000,370,992 | ---- | M] (Oracle Corporation)
"SmoothView" -> C:\Program Files\Toshiba\SmoothView\SmoothView.exe [%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe] -> [2007/01/19 01:24:20 | 000,448,632 | ---- | M] (TOSHIBA Corporation)
"SunJavaUpdateSched" -> C:\Program Files\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2009/10/11 05:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2007/02/02 16:36:50 | 000,835,584 | ---- | M] (Synaptics, Inc.)
"TPwrMain" -> C:\Program Files\Toshiba\Power Saver\TPwrMain.exe [%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE] -> [2006/12/20 02:16:44 | 000,411,768 | ---- | M] (TOSHIBA Corporation)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation)
"Windows Mobile-based device management" -> C:\Windows\WindowsMobile\wmdSync.exe [%windir%\WindowsMobile\wmdSync.exe] -> [2006/11/02 04:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Picasa Media Detector" -> C:\Program Files\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> File not found
< Run [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"Picasa Media Detector" -> C:\Program Files\Picasa2\PicasaMediaDetector.exe [C:\Program Files\Picasa2\PicasaMediaDetector.exe] -> File not found
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 01:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 01:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation)
< Run [HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\] > -> HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"ggldadpe" -> C:\Users\Smashley\AppData\Local\bdibbjahd\ohupgcrtssd.exe [C:\Users\Smashley\AppData\Local\bdibbjahd\ohupgcrtssd.exe] -> [2010/06/29 23:20:38 | 000,286,464 | ---- | M] ()
"LogitechSoftwareUpdate" -> C:\Program Files\Logitech\Video\ManifestEngine.exe ["C:\Program Files\Logitech\Video\ManifestEngine.exe" boot] -> [2005/06/08 14:44:14 | 000,196,608 | ---- | M] (Logitech Inc.)
"TOSCDSPD" ->  [TOSCDSPD.EXE] -> File not found
"WMPNSCFG" -> C:\Program Files\Windows Media Player\wmpnscfg.exe [C:\Program Files\Windows Media Player\WMPNSCFG.exe] -> [2008/01/19 02:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000] > -> HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000] > -> HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 18:47:50 | 003,604,480 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 18:47:50 | 003,604,480 | ---- | M] (Google Inc.)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\] > -> HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Add to Google Photos Screensa&ver -> C:\Windows\System32\GPhotos.scr [res://C:\Windows\system32\GPhotos.scr/200] -> [2010/02/19 18:47:50 | 003,604,480 | ---- | M] (Google Inc.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M] (Microsoft Corporation)
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\] > -> HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4810 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\] > -> HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 68.87.68.166 68.87.74.166 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{D0DEFBEB-88E5-49BD-8F31-6B3C88E30F28}\\DhcpNameServer -> 68.87.68.166 68.87.74.166   (Intel(R) PRO/Wireless 3945ABG Network Connection) -> 
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> 
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> 
avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2010/06/30 12:26:19 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> 
!SASWinLogon -> C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -> [2009/09/03 15:21:42 | 000,548,352 | ---- | M] (SUPERAntiSpyware.com)
igfxcui -> C:\Windows\System32\igfxdev.dll -> [2007/03/06 13:33:04 | 000,204,800 | ---- | M] (Intel Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 10:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\TOSHIBA\Ivp\ISM\pinger.exe" -> C:\TOSHIBA\Ivp\ISM\pinger.exe [C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger] -> [2007/01/25 20:47:50 | 000,136,816 | ---- | M] ()
"C:\TOSHIBA\ivp\NetInt\Netint.exe" -> C:\TOSHIBA\ivp\NetInt\Netint.exe [C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine] -> [2007/01/25 20:49:34 | 000,472,688 | ---- | M] (TOSHIBA Corporation)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
\F
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\shell
\F\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\shell\AutoRun\command
\F\shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{0aea8497-2f57-11dd-82ed-00a0d17cf124}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aea8497-2f57-11dd-82ed-00a0d17cf124}\shell\AutoRun\command
\{0aea8497-2f57-11dd-82ed-00a0d17cf124}\shell\AutoRun\command\\"" -> E:\Player\DVR_Player.exe ..\20 [E:\Player\DVR_Player.exe ..\20080311\151346\NORMAL\[000001].drv -DT000 -M33] -> File not found
\{16e78b7b-4f5a-11df-a01c-00a0d17cf124}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16e78b7b-4f5a-11df-a01c-00a0d17cf124}\shell
\{16e78b7b-4f5a-11df-a01c-00a0d17cf124}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16e78b7b-4f5a-11df-a01c-00a0d17cf124}\shell\AutoRun\command
\{16e78b7b-4f5a-11df-a01c-00a0d17cf124}\shell\AutoRun\command\\"" -> F:\EMP_UDSe.exe [F:\EMP_UDSe.exe /autorun] -> File not found
\{4b0432f2-2436-11df-b00a-00a0d17cf124}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b0432f2-2436-11df-b00a-00a0d17cf124}\shell
\{4b0432f2-2436-11df-b00a-00a0d17cf124}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b0432f2-2436-11df-b00a-00a0d17cf124}\shell\AutoRun\command
\{4b0432f2-2436-11df-b00a-00a0d17cf124}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe] -> File not found
\{4b0432fd-2436-11df-b00a-7a8020000200}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b0432fd-2436-11df-b00a-7a8020000200}\shell
\{4b0432fd-2436-11df-b00a-7a8020000200}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b0432fd-2436-11df-b00a-7a8020000200}\shell\AutoRun\command
\{4b0432fd-2436-11df-b00a-7a8020000200}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe] -> File not found
\{4db79140-72ee-11de-8041-7a8020000200}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4db79140-72ee-11de-8041-7a8020000200}\shell
\{4db79140-72ee-11de-8041-7a8020000200}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4db79140-72ee-11de-8041-7a8020000200}\shell\AutoRun\command
\{4db79140-72ee-11de-8041-7a8020000200}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe] -> File not found
\{5df7010f-dc25-11dd-b09c-00a0d17cf124}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5df7010f-dc25-11dd-b09c-00a0d17cf124}\shell
\{5df7010f-dc25-11dd-b09c-00a0d17cf124}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5df7010f-dc25-11dd-b09c-00a0d17cf124}\shell\AutoRun\command
\{5df7010f-dc25-11dd-b09c-00a0d17cf124}\shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{8ba3e4b2-b470-11de-8642-00a0d17cf124}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ba3e4b2-b470-11de-8642-00a0d17cf124}\shell\AutoRun\command
\{8ba3e4b2-b470-11de-8642-00a0d17cf124}\shell\AutoRun\command\\"" -> E:\setupSNK.exe [E:\setupSNK.exe] -> File not found
\{8ba3e4b5-b470-11de-8642-00a0d17cf124}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ba3e4b5-b470-11de-8642-00a0d17cf124}\shell
\{8ba3e4b5-b470-11de-8642-00a0d17cf124}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ba3e4b5-b470-11de-8642-00a0d17cf124}\shell\AutoRun\command
\{8ba3e4b5-b470-11de-8642-00a0d17cf124}\shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{d9f2e680-af89-11de-ace1-00a0d17cf124}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9f2e680-af89-11de-ace1-00a0d17cf124}\shell
\{d9f2e680-af89-11de-ace1-00a0d17cf124}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9f2e680-af89-11de-ace1-00a0d17cf124}\shell\AutoRun\command
\{d9f2e680-af89-11de-ace1-00a0d17cf124}\shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a] -> File not found
\{f27f8b42-47e1-11de-a951-00a0d17cf124}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f27f8b42-47e1-11de-a951-00a0d17cf124}\shell
\{f27f8b42-47e1-11de-a951-00a0d17cf124}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f27f8b42-47e1-11de-a951-00a0d17cf124}\shell\AutoRun\command
\{f27f8b42-47e1-11de-a951-00a0d17cf124}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe] -> File not found
\{f27f8bba-47e1-11de-a951-7a8020000200}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f27f8bba-47e1-11de-a951-7a8020000200}\shell
\{f27f8bba-47e1-11de-a951-7a8020000200}\shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f27f8bba-47e1-11de-a951-7a8020000200}\shell\AutoRun\command
\{f27f8bba-47e1-11de-a951-7a8020000200}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> 
"msacm.dvacm" -> C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm [C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm] -> [2006/08/23 19:39:40 | 000,032,768 | ---- | M] (Ulead Systems, Inc.)
"msacm.l3acm" -> C:\Windows\System32\l3codeca.acm [L3CODECA.ACM] -> [2010/01/21 10:05:44 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS)
"MSVideo" -> C:\Windows\System32\vfwwdm32.dll [vfwwdm32.dll] -> [2008/01/19 02:36:47 | 000,056,832 | ---- | M] (Microsoft Corporation)
"MSVideo8" -> C:\Windows\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/01/19 02:36:47 | 000,056,832 | ---- | M] (Microsoft Corporation)
"vidc.cvid" -> C:\Windows\System32\iccvid.dll [iccvid.dll] -> [2006/11/02 07:34:41 | 000,081,920 | ---- | M] (Radius Inc.)
"vidc.DIVX" -> C:\Windows\System32\DivX.dll [DivX.dll] -> [2008/01/04 16:57:10 | 000,682,496 | ---- | M] (DivX, Inc.)
"VIDC.I420" -> C:\Windows\System32\lvcodec2.dll [lvcodec2.dll] -> [2005/05/27 09:26:36 | 000,204,800 | ---- | M] (Logitech Inc.)
"vidc.tscc" -> C:\Windows\System32\tsccvid.dll [tsccvid.dll] -> [2005/06/15 10:00:00 | 000,102,400 | ---- | M] (TechSmith Corporation)
"vidc.VP60" -> C:\Windows\System32\vp6vfw.dll [C:\Windows\system32\vp6vfw.dll] -> [2004/08/17 22:14:36 | 000,442,368 | R--- | M] (On2.com)
"vidc.VP61" -> C:\Windows\System32\vp6vfw.dll [C:\Windows\system32\vp6vfw.dll] -> [2004/08/17 22:14:36 | 000,442,368 | R--- | M] (On2.com)
"VIDC.WMV3" -> C:\Windows\System32\wmv9vcm.dll [wmv9vcm.dll] -> [2003/06/23 02:44:36 | 001,415,680 | ---- | M] (Microsoft Corporation)
"vidc.yv12" -> C:\Windows\System32\DivX.dll [DivX.dll] -> [2008/01/04 16:57:10 | 000,682,496 | ---- | M] (DivX, Inc.)
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
batfile [open] -> "%1" %* -> 
cmdfile [open] -> "%1" %* -> 
comfile [open] -> "%1" %* -> 
cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2006/11/02 04:44:59 | 000,211,968 | ---- | M] (Microsoft Corporation)
exefile [open] -> "%1" %* -> 
helpfile [open] -> Reg Error: Key error.
hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 04:45:57 | 000,009,216 | ---- | M] (Microsoft Corporation)
htmlfile [edit] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 -> [2007/04/19 15:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation)
htmlfile [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome -> [2010/05/04 01:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation)
htmlfile [opennew] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 -> [2010/05/04 01:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation)
htmlfile [print] -> "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 -> [2007/04/19 15:07:38 | 000,061,280 | ---- | M] (Microsoft Corporation)
http [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome -> [2010/05/04 01:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation)
https [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" -nohome -> [2010/05/04 01:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation)
inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2008/01/19 02:33:12 | 000,011,776 | ---- | M] (Microsoft Corporation)
piffile [open] -> "%1" %* -> 
regfile [merge] -> Reg Error: Key error.
scrfile [config] -> "%1" -> 
scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> [2008/01/19 02:32:56 | 000,368,640 | ---- | M] (Microsoft Corporation)
scrfile [open] -> "%1" /S -> 
txtfile [edit] -> Reg Error: Key error.
Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> 
Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2008/01/19 02:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation)
Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
Directory [OneNote.Open] -> C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M] (Microsoft Corporation)
Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
Applications\iexplore.exe [open] -> "C:\Program Files\Internet Explorer\iexplore.exe" %1 -> [2010/05/04 01:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -> "C:\Program Files\Internet Explorer\iexplore.exe" -> [2010/05/04 01:00:35 | 000,638,232 | ---- | M] (Microsoft Corporation)
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 5/17/2010 05:18:04 PM Computer Name = Smash2theLey | Source = Application Hang | ID = 1002 -> Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 1400  Start Time: 01caf600a132bbd0  Termination Time: 0
Application [ Error ] 5/17/2010 05:19:20 PM Computer Name = Smash2theLey | Source = Application Hang | ID = 1002 -> Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: a30  Start Time: 01caf606704c5d90  Termination Time: 0
Application [ Error ] 5/17/2010 05:21:17 PM Computer Name = Smash2theLey | Source = Application Hang | ID = 1002 -> Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 11b8  Start Time: 01caf6069d626b30  Termination Time: 0
Application [ Error ] 5/17/2010 05:22:41 PM Computer Name = Smash2theLey | Source = Application Hang | ID = 1002 -> Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 155c  Start Time: 01caf606e313e910  Termination Time: 0
Application [ Error ] 5/17/2010 05:36:52 PM Computer Name = Smash2theLey | Source = Application Hang | ID = 1002 -> Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 1078  Start Time: 01caf60714f9a730  Termination Time: 0
Application [ Error ] 5/18/2010 04:57:01 PM Computer Name = Smash2theLey | Source = Application Hang | ID = 1002 -> Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 7f4  Start Time: 01caf6ca6a0fb3c7  Termination Time: 0
Application [ Error ] 5/18/2010 04:58:49 PM Computer Name = Smash2theLey | Source = Application Hang | ID = 1002 -> Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 308  Start Time: 01caf6cca972ed57  Termination Time: 0
Application [ Error ] 5/18/2010 04:59:06 PM Computer Name = Smash2theLey | Source = Application Hang | ID = 1002 -> Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 1c4  Start Time: 01caf6ccea0d5177  Termination Time: 76
Application [ Error ] 5/18/2010 05:12:24 PM Computer Name = Smash2theLey | Source = Application Hang | ID = 1002 -> Description = The program explorer.exe version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 154c  Start Time: 01caf6ccf48ab667  Termination Time: 0
Application [ Error ] 5/20/2010 05:46:51 PM Computer Name = Smash2theLey | Source = Application Hang | ID = 1002 -> Description = The program explorer.exe version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.  Process ID: 161c  Start Time: 01caf6cecfd0a267  Termination Time: 2609
Media Center [ Error ] 11/27/2007 02:47:52 AM Computer Name = Smash2theLey | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 12/3/2007 08:55:25 PM Computer Name = Smash2theLey | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 12/13/2007 12:45:31 AM Computer Name = Smash2theLey | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 12/15/2007 06:50:00 PM Computer Name = Smash2theLey | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 12/21/2007 12:36:25 AM Computer Name = Smash2theLey | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 4/2/2008 12:18:27 AM Computer Name = Smash2theLey | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Media Center [ Error ] 4/15/2008 10:16:39 PM Computer Name = Smash2theLey | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Media Center [ Error ] 5/26/2008 12:51:14 AM Computer Name = Smash2theLey | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Media Center [ Error ] 6/1/2008 12:13:37 AM Computer Name = Smash2theLey | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.
Media Center [ Error ] 8/9/2008 01:48:52 AM Computer Name = Smash2theLey | Source = MCUpdate | ID = 0 -> Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
System [ Error ] 12/4/2008 09:26:01 PM Computer Name = Smash2theLey | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.1.125 for the Network Card with network address 001B778291FF has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 12/4/2008 10:48:22 PM Computer Name = Smash2theLey | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 8:40:17 PM on 12/4/2008 was unexpected.
System [ Error ] 12/4/2008 10:48:26 PM Computer Name = Smash2theLey | Source = HTTP | ID = 15016 -> Description = 
System [ Error ] 12/4/2008 10:50:04 PM Computer Name = Smash2theLey | Source = Service Control Manager | ID = 7000 -> Description = 
System [ Error ] 12/5/2008 11:54:39 PM Computer Name = Smash2theLey | Source = Service Control Manager | ID = 7011 -> Description = 
System [ Error ] 12/6/2008 08:28:37 PM Computer Name = Smash2theLey | Source = yukonwlh | ID = 458853 -> Description = Driver has encountered an internal error
System [ Error ] 12/6/2008 08:28:37 PM Computer Name = Smash2theLey | Source = yukonwlh | ID = 458853 -> Description = Driver has encountered an internal error
System [ Error ] 12/6/2008 08:28:58 PM Computer Name = Smash2theLey | Source = Dhcp | ID = 1002 -> Description = The IP address lease 192.168.2.102 for the Network Card with network address 001B778291FF has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
System [ Error ] 12/6/2008 11:24:18 PM Computer Name = Smash2theLey | Source = Service Control Manager | ID = 7011 -> Description = 
System [ Error ] 12/7/2008 02:06:54 AM Computer Name = Smash2theLey | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 10:50:00 PM on 12/6/2008 was unexpected.
 
[Files/Folders - Created Within 30 Days]
 $AVG -> C:\$AVG -> [2010/06/30 12:30:31 | 000,000,000 | -H-D | C]
 avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2010/06/30 12:26:19 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.)
 avgtdix.sys -> C:\Windows\System32\drivers\avgtdix.sys -> [2010/06/30 12:26:17 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.)
 avgldx86.sys -> C:\Windows\System32\drivers\avgldx86.sys -> [2010/06/30 12:26:15 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.)
 avgmfx86.sys -> C:\Windows\System32\drivers\avgmfx86.sys -> [2010/06/30 12:26:14 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.)
 Avg -> C:\Windows\System32\drivers\Avg -> [2010/06/30 12:26:13 | 000,000,000 | ---D | C]
 AVG Security Toolbar -> C:\ProgramData\AVG Security Toolbar -> [2010/06/30 12:26:11 | 000,000,000 | ---D | C]
 bdibbjahd -> C:\Users\Smashley\AppData\Local\bdibbjahd -> [2010/06/29 23:21:03 | 000,000,000 | ---D | C]
 PresentationHostProxy.dll -> C:\Windows\System32\PresentationHostProxy.dll -> [2010/06/24 03:00:48 | 000,099,176 | ---- | C] (Microsoft Corporation)
 PresentationHost.exe -> C:\Windows\System32\PresentationHost.exe -> [2010/06/24 03:00:47 | 000,295,264 | ---- | C] (Microsoft Corporation)
 netfxperf.dll -> C:\Windows\System32\netfxperf.dll -> [2010/06/24 03:00:47 | 000,049,472 | ---- | C] (Microsoft Corporation)
 Apphlpdm.dll -> C:\Windows\System32\Apphlpdm.dll -> [2010/06/23 00:23:25 | 000,028,672 | ---- | C] (Microsoft Corporation)
 GameUXLegacyGDFs.dll -> C:\Windows\System32\GameUXLegacyGDFs.dll -> [2010/06/23 00:23:24 | 004,240,384 | ---- | C] (Microsoft)
 Gimp Brushes -> C:\Users\Smashley\Desktop\Gimp Brushes -> [2010/06/18 01:55:36 | 000,000,000 | ---D | C]
 heart -> C:\Users\Smashley\heart -> [2010/06/17 19:30:50 | 000,000,000 | ---D | C]
 asycfilt.dll -> C:\Windows\System32\asycfilt.dll -> [2010/06/08 21:40:23 | 000,067,072 | ---- | C] (Microsoft Corporation)
 atmfd.dll -> C:\Windows\System32\atmfd.dll -> [2010/06/08 21:40:17 | 000,289,792 | ---- | C] (Adobe Systems Incorporated)
 atmlib.dll -> C:\Windows\System32\atmlib.dll -> [2010/06/08 21:40:16 | 000,034,304 | ---- | C] (Adobe Systems)
 msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2010/06/08 21:39:55 | 000,599,040 | ---- | C] (Microsoft Corporation)
 mstime.dll -> C:\Windows\System32\mstime.dll -> [2010/06/08 21:39:54 | 000,611,840 | ---- | C] (Microsoft Corporation)
 iedkcs32.dll -> C:\Windows\System32\iedkcs32.dll -> [2010/06/08 21:39:54 | 000,387,584 | ---- | C] (Microsoft Corporation)
 inetcpl.cpl -> C:\Windows\System32\inetcpl.cpl -> [2010/06/08 21:39:53 | 001,469,440 | ---- | C] (Microsoft Corporation)
 ieui.dll -> C:\Windows\System32\ieui.dll -> [2010/06/08 21:39:53 | 000,164,352 | ---- | C] (Microsoft Corporation)
 iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2010/06/08 21:39:52 | 000,184,320 | ---- | C] (Microsoft Corporation)
 ieUnatt.exe -> C:\Windows\System32\ieUnatt.exe -> [2010/06/08 21:39:52 | 000,133,632 | ---- | C] (Microsoft Corporation)
 iesysprep.dll -> C:\Windows\System32\iesysprep.dll -> [2010/06/08 21:39:52 | 000,109,056 | ---- | C] (Microsoft Corporation)
 msfeedsbs.dll -> C:\Windows\System32\msfeedsbs.dll -> [2010/06/08 21:39:52 | 000,055,296 | ---- | C] (Microsoft Corporation)
 jsproxy.dll -> C:\Windows\System32\jsproxy.dll -> [2010/06/08 21:39:52 | 000,025,600 | ---- | C] (Microsoft Corporation)
 mshtml.tlb -> C:\Windows\System32\mshtml.tlb -> [2010/06/08 21:39:44 | 001,638,912 | ---- | C] (Microsoft Corporation)
 ie4uinit.exe -> C:\Windows\System32\ie4uinit.exe -> [2010/06/08 21:39:44 | 000,173,056 | ---- | C] (Microsoft Corporation)
 iesetup.dll -> C:\Windows\System32\iesetup.dll -> [2010/06/08 21:39:44 | 000,071,680 | ---- | C] (Microsoft Corporation)
 iernonce.dll -> C:\Windows\System32\iernonce.dll -> [2010/06/08 21:39:44 | 000,055,808 | ---- | C] (Microsoft Corporation)
 msfeedssync.exe -> C:\Windows\System32\msfeedssync.exe -> [2010/06/08 21:39:44 | 000,013,312 | ---- | C] (Microsoft Corporation)
 win32k.sys -> C:\Windows\System32\win32k.sys -> [2010/06/08 21:39:30 | 002,037,248 | ---- | C] (Microsoft Corporation)
 
[Files/Folders - Modified Within 30 Days]
 ntuser.dat -> C:\Users\Smashley\ntuser.dat -> [2010/06/30 12:40:14 | 004,718,592 | -HS- | M] ()
 avgrsstx.dll -> C:\Windows\System32\avgrsstx.dll -> [2010/06/30 12:26:19 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.)
 AVG Free 9.0.lnk -> C:\Users\Public\Desktop\AVG Free 9.0.lnk -> [2010/06/30 12:26:19 | 000,001,658 | ---- | M] ()
 avgtdix.sys -> C:\Windows\System32\drivers\avgtdix.sys -> [2010/06/30 12:26:17 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avgldx86.sys -> C:\Windows\System32\drivers\avgldx86.sys -> [2010/06/30 12:26:15 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.)
 incavi.avm -> C:\Windows\System32\drivers\Avg\incavi.avm -> [2010/06/30 12:26:14 | 061,534,963 | ---- | M] ()
 iavichjw.avm -> C:\Windows\System32\drivers\Avg\iavichjw.avm -> [2010/06/30 12:26:14 | 000,113,461 | ---- | M] ()
 avgmfx86.sys -> C:\Windows\System32\drivers\avgmfx86.sys -> [2010/06/30 12:26:14 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avi7.avg -> C:\Windows\System32\drivers\Avg\avi7.avg -> [2010/06/30 12:26:13 | 006,061,540 | ---- | M] ()
 miniavi.avg -> C:\Windows\System32\drivers\Avg\miniavi.avg -> [2010/06/30 12:26:13 | 000,492,629 | ---- | M] ()
 microavi.avg -> C:\Windows\System32\drivers\Avg\microavi.avg -> [2010/06/30 12:26:13 | 000,142,495 | ---- | M] ()
 Ikeext.etl -> C:\Windows\System32\Ikeext.etl -> [2010/06/30 12:09:42 | 000,016,384 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2010/06/30 12:09:33 | 000,067,584 | --S- | M] ()
 ntuser.dat{b1f1f7da-549f-11dd-88bd-001b778291ff}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\Smashley\ntuser.dat{b1f1f7da-549f-11dd-88bd-001b778291ff}.TMContainer00000000000000000001.regtrans-ms -> [2010/06/30 02:19:03 | 000,524,288 | -HS- | M] ()
 ntuser.dat{b1f1f7da-549f-11dd-88bd-001b778291ff}.TM.blf -> C:\Users\Smashley\ntuser.dat{b1f1f7da-549f-11dd-88bd-001b778291ff}.TM.blf -> [2010/06/30 02:19:03 | 000,065,536 | -HS- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/06/30 02:16:58 | 000,003,568 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/06/30 02:16:58 | 000,003,568 | -H-- | M] ()
 SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/06/30 02:16:37 | 000,000,006 | -H-- | M] ()
 {8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job -> C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job -> [2010/06/30 02:16:27 | 000,000,298 | -H-- | M] ()
 AWC Startup.job -> C:\Windows\tasks\AWC Startup.job -> [2010/06/30 02:16:24 | 000,000,376 | ---- | M] ()
 d3d9caps.dat -> C:\Users\Smashley\AppData\Local\d3d9caps.dat -> [2010/06/30 02:16:22 | 000,000,680 | ---- | M] ()
 oqalarejuc.dll -> C:\Users\Smashley\AppData\Local\oqalarejuc.dll -> [2010/06/29 23:23:33 | 000,002,744 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\System32\PerfStringBackup.INI -> [2010/06/29 19:36:01 | 000,759,570 | ---- | M] ()
 perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2010/06/29 19:36:01 | 000,642,906 | ---- | M] ()
 perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2010/06/29 19:36:01 | 000,120,064 | ---- | M] ()
 Norton Security Scan for Smashley.job -> C:\Windows\tasks\Norton Security Scan for Smashley.job -> [2010/06/29 03:05:13 | 000,000,564 | -H-- | M] ()
 Newest_Resume.doc -> C:\Users\Smashley\Documents\Newest_Resume.doc -> [2010/06/21 11:40:01 | 000,032,256 | ---- | M] ()
 Resume for ULM-1.doc -> C:\Users\Smashley\Documents\Resume for ULM-1.doc -> [2010/06/21 11:02:01 | 000,035,840 | ---- | M] ()
 .recently-used.xbel -> C:\Users\Smashley\.recently-used.xbel -> [2010/06/17 14:13:35 | 000,005,885 | ---- | M] ()
 HCG Recipes2.doc -> C:\Users\Smashley\Documents\HCG Recipes2.doc -> [2010/06/16 14:49:56 | 000,027,648 | ---- | M] ()
 Microsoft Office Word 2003.lnk -> C:\Users\Smashley\Desktop\Microsoft Office Word 2003.lnk -> [2010/06/16 14:10:30 | 000,002,609 | ---- | M] ()
 HCG Recipes.doc -> C:\Users\Smashley\Documents\HCG Recipes.doc -> [2010/06/14 17:12:47 | 000,024,064 | ---- | M] ()
 Hcg Phase2 Recipes.pdf -> C:\Users\Smashley\Desktop\Hcg Phase2 Recipes.pdf -> [2010/06/14 14:15:29 | 000,669,167 | ---- | M] ()
 GDIPFONTCACHEV1.DAT -> C:\Users\Smashley\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/06/12 01:28:27 | 000,501,584 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2010/06/12 01:24:24 | 001,182,888 | ---- | M] ()
 GIMP 2.lnk -> C:\Users\Public\Desktop\GIMP 2.lnk -> [2010/06/10 01:54:24 | 000,000,909 | ---- | M] ()
 LimeWire 5.5.9.lnk -> C:\Users\Smashley\Desktop\LimeWire 5.5.9.lnk -> [2010/06/08 22:49:05 | 000,001,711 | ---- | M] ()
 win.ini -> C:\Windows\win.ini -> [2010/06/08 22:46:26 | 000,000,275 | ---- | M] ()
 vbaddin.ini -> C:\Windows\vbaddin.ini -> [2010/06/08 22:34:59 | 000,000,039 | ---- | M] ()
 13 C:\Users\Smashley\AppData\Local\Temp\*.tmp files -> C:\Users\Smashley\AppData\Local\Temp\*.tmp -> 
 13 C:\Users\Smashley\AppData\Local\Temp\*.tmp files -> C:\Users\Smashley\AppData\Local\Temp\*.tmp -> 
 
[Files - No Company Name]
 AVG Free 9.0.lnk -> C:\Users\Public\Desktop\AVG Free 9.0.lnk -> [2010/06/30 12:26:19 | 000,001,658 | ---- | C] ()
 iavichjw.avm -> C:\Windows\System32\drivers\Avg\iavichjw.avm -> [2010/06/30 12:26:14 | 000,113,461 | ---- | C] ()
 incavi.avm -> C:\Windows\System32\drivers\Avg\incavi.avm -> [2010/06/30 12:26:13 | 061,534,963 | ---- | C] ()
 avi7.avg -> C:\Windows\System32\drivers\Avg\avi7.avg -> [2010/06/30 12:26:13 | 006,061,540 | ---- | C] ()
 miniavi.avg -> C:\Windows\System32\drivers\Avg\miniavi.avg -> [2010/06/30 12:26:13 | 000,492,629 | ---- | C] ()
 microavi.avg -> C:\Windows\System32\drivers\Avg\microavi.avg -> [2010/06/30 12:26:13 | 000,142,495 | ---- | C] ()
 {8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job -> C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job -> [2010/06/30 02:13:36 | 000,000,298 | -H-- | C] ()
 d3d9caps.dat -> C:\Users\Smashley\AppData\Local\d3d9caps.dat -> [2010/06/29 23:38:34 | 000,000,680 | ---- | C] ()
 oqalarejuc.dll -> C:\Users\Smashley\AppData\Local\oqalarejuc.dll -> [2010/06/29 23:23:33 | 000,002,744 | ---- | C] ()
 Newest_Resume.doc -> C:\Users\Smashley\Documents\Newest_Resume.doc -> [2010/06/21 11:40:01 | 000,032,256 | ---- | C] ()
 .recently-used.xbel -> C:\Users\Smashley\.recently-used.xbel -> [2010/06/17 14:13:35 | 000,005,885 | ---- | C] ()
 HCG Recipes2.doc -> C:\Users\Smashley\Documents\HCG Recipes2.doc -> [2010/06/16 14:49:55 | 000,027,648 | ---- | C] ()
 HCG Recipes.doc -> C:\Users\Smashley\Documents\HCG Recipes.doc -> [2010/06/14 17:12:44 | 000,024,064 | ---- | C] ()
 Hcg Phase2 Recipes.pdf -> C:\Users\Smashley\Desktop\Hcg Phase2 Recipes.pdf -> [2010/06/14 14:15:28 | 000,669,167 | ---- | C] ()
 LimeWire 5.5.9.lnk -> C:\Users\Smashley\Desktop\LimeWire 5.5.9.lnk -> [2010/06/08 22:49:05 | 000,001,711 | ---- | C] ()
 Resume for ULM-1.doc -> C:\Users\Smashley\Documents\Resume for ULM-1.doc -> [2010/06/02 09:35:08 | 000,035,840 | ---- | C] ()
 unrar.dll -> C:\Windows\System32\unrar.dll -> [2010/04/29 17:12:02 | 000,165,376 | ---- | C] ()
 lvcoinst.ini -> C:\Windows\System32\lvcoinst.ini -> [2010/04/05 15:01:51 | 000,009,255 | ---- | C] ()
 Bti.ini -> C:\Windows\Bti.ini -> [2009/11/30 12:55:39 | 000,000,751 | ---- | C] ()
 libactivboardex.dll -> C:\Windows\libactivboardex.dll -> [2009/10/22 16:44:36 | 000,223,016 | ---- | C] ()
 ActivDRV.dll -> C:\Windows\ActivDRV.dll -> [2009/10/22 16:44:16 | 000,252,696 | ---- | C] ()
 EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/09/17 19:20:25 | 000,117,248 | ---- | C] ()
 OGACheckControl.dll -> C:\Windows\System32\OGACheckControl.dll -> [2009/08/03 15:07:42 | 000,403,816 | ---- | C] ()
 pythoncom21.dll -> C:\Windows\System32\pythoncom21.dll -> [2009/02/08 19:15:08 | 000,290,919 | ---- | C] ()
 PyWinTypes21.dll -> C:\Windows\System32\PyWinTypes21.dll -> [2009/02/08 19:15:08 | 000,057,344 | ---- | C] ()
 SlantAdj.dll -> C:\Windows\SlantAdj.dll -> [2009/02/08 19:13:38 | 000,096,768 | ---- | C] ()
 epDPE.ini -> C:\Windows\System32\epDPE.ini -> [2009/02/08 19:13:38 | 000,000,072 | R--- | C] ()
 EPSON CX3200 Installer.ini -> C:\Windows\EPSON CX3200 Installer.ini -> [2009/02/08 18:45:15 | 000,000,171 | ---- | C] ()
 swupdate.INI -> C:\Windows\swupdate.INI -> [2008/04/30 21:16:30 | 000,000,067 | ---- | C] ()
 jpn_lang_plusviewer.ini -> C:\Windows\System32\jpn_lang_plusviewer.ini -> [2008/01/24 10:58:36 | 000,028,124 | ---- | C] ()
 kor_lang_plusviewer.ini -> C:\Windows\System32\kor_lang_plusviewer.ini -> [2008/01/24 10:58:20 | 000,028,973 | ---- | C] ()
 eng_lang_plusviewer.ini -> C:\Windows\System32\eng_lang_plusviewer.ini -> [2008/01/24 10:58:06 | 000,029,742 | ---- | C] ()
 ODBC.INI -> C:\Windows\ODBC.INI -> [2008/01/16 22:11:46 | 000,000,376 | ---- | C] ()
 qt-dx331.dll -> C:\Windows\System32\qt-dx331.dll -> [2008/01/04 16:58:50 | 003,596,288 | ---- | C] ()
 dtu100.dll.manifest -> C:\Windows\System32\dtu100.dll.manifest -> [2008/01/04 16:57:22 | 000,000,416 | ---- | C] ()
 dpl100.dll.manifest -> C:\Windows\System32\dpl100.dll.manifest -> [2008/01/04 16:57:22 | 000,000,416 | ---- | C] ()
 DivXWMPExtType.dll -> C:\Windows\System32\DivXWMPExtType.dll -> [2008/01/04 16:56:24 | 000,012,288 | ---- | C] ()
 tosmreg.ini -> C:\Windows\System32\tosmreg.ini -> [2007/07/18 00:42:16 | 000,010,150 | ---- | C] ()
 csellang.ini -> C:\Windows\System32\csellang.ini -> [2007/07/18 00:42:15 | 000,128,113 | ---- | C] ()
 csellang.dll -> C:\Windows\System32\csellang.dll -> [2007/07/18 00:42:15 | 000,045,056 | ---- | C] ()
 cseltbl.ini -> C:\Windows\System32\cseltbl.ini -> [2007/07/18 00:42:15 | 000,007,671 | ---- | C] ()
 mp4dec2avi.dll -> C:\Windows\System32\mp4dec2avi.dll -> [2007/03/21 17:30:52 | 000,069,632 | ---- | C] ()
 igfxCoIn_v1227.dll -> C:\Windows\System32\igfxCoIn_v1227.dll -> [2007/03/06 14:49:42 | 000,204,800 | ---- | C] ()
 IVIresizeW7.dll -> C:\Windows\System32\IVIresizeW7.dll -> [2007/03/02 14:01:09 | 000,204,800 | ---- | C] ()
 IVIresizePX.dll -> C:\Windows\System32\IVIresizePX.dll -> [2007/03/02 14:01:09 | 000,188,416 | ---- | C] ()
 IVIresizeA6.dll -> C:\Windows\System32\IVIresizeA6.dll -> [2007/03/02 14:01:08 | 000,200,704 | ---- | C] ()
 IVIresizeP6.dll -> C:\Windows\System32\IVIresizeP6.dll -> [2007/03/02 14:01:08 | 000,192,512 | ---- | C] ()
 IVIresizeM6.dll -> C:\Windows\System32\IVIresizeM6.dll -> [2007/03/02 14:01:08 | 000,192,512 | ---- | C] ()
 IVIresize.dll -> C:\Windows\System32\IVIresize.dll -> [2007/03/02 14:01:08 | 000,020,480 | ---- | C] ()
 NDSTray.INI -> C:\Windows\NDSTray.INI -> [2007/02/28 15:47:07 | 000,000,000 | ---- | C] ()
 TosBtAcc.dll -> C:\Windows\System32\TosBtAcc.dll -> [2006/12/05 16:05:06 | 000,114,688 | ---- | C] ()
 GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2006/11/02 07:37:35 | 000,037,665 | ---- | C] ()
 GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2006/11/02 07:37:35 | 000,029,779 | ---- | C] ()
 GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2006/11/02 07:37:35 | 000,026,489 | ---- | C] ()
 GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2006/11/02 07:37:35 | 000,026,040 | ---- | C] ()
 sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 07:35:32 | 000,005,632 | ---- | C] ()
 igfxTMM.dll -> C:\Windows\System32\igfxTMM.dll -> [2006/11/02 05:25:21 | 000,249,856 | ---- | C] ()
 pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 02:40:29 | 000,013,750 | ---- | C] ()
 WdfCoInstaller01000.dll -> C:\Windows\System32\WdfCoInstaller01000.dll -> [2006/03/09 13:58:00 | 001,060,424 | ---- | C] ()
 TosCommAPI.dll -> C:\Windows\System32\TosCommAPI.dll -> [2005/07/23 00:30:20 | 000,065,536 | ---- | C] ()
 rfg726.dll -> C:\Windows\System32\rfg726.dll -> [2004/05/31 15:39:46 | 000,045,056 | ---- | C] ()
 mwmp4dec.dll -> C:\Windows\System32\mwmp4dec.dll -> [2004/01/19 18:17:58 | 000,356,352 | ---- | C] ()
 FGWVB32.DLL -> C:\Windows\System32\FGWVB32.DLL -> [2003/03/24 05:03:00 | 000,279,552 | ---- | C] ()
 OUTLPERF.INI -> C:\Windows\System32\OUTLPERF.INI -> [2003/01/07 16:05:08 | 000,002,695 | ---- | C] ()
 ltcry13n.dll -> C:\Windows\System32\ltcry13n.dll -> [2002/12/11 19:19:34 | 000,708,608 | ---- | C] ()
 lttls13n.dll -> C:\Windows\System32\lttls13n.dll -> [2002/12/11 19:19:34 | 000,147,456 | ---- | C] ()
 lfkodak.dll -> C:\Windows\System32\lfkodak.dll -> [2000/04/12 17:28:12 | 000,118,784 | ---- | C] ()
 lffpx7.dll -> C:\Windows\System32\lffpx7.dll -> [2000/04/12 17:24:10 | 000,338,944 | ---- | C] ()
 Declw.dll -> C:\Windows\System32\Declw.dll -> [1996/02/23 16:34:48 | 000,014,629 | ---- | C] ()
 Decln.dll -> C:\Windows\System32\Decln.dll -> [1996/02/22 14:09:20 | 000,032,256 | ---- | C] ()
 
[File - Lop Check]
 Skinux -> C:\Users\Guest\AppData\Roaming\Skinux -> [2008/11/16 09:32:16 | 000,000,000 | ---D | M]
 Template -> C:\Users\Guest\AppData\Roaming\Template -> [2008/12/12 14:54:05 | 000,000,000 | ---D | M]
 ACTIV Software -> C:\Users\Smashley\AppData\Roaming\ACTIV Software -> [2010/04/07 12:27:49 | 000,000,000 | ---D | M]
 Azureus -> C:\Users\Smashley\AppData\Roaming\Azureus -> [2008/10/19 02:50:22 | 000,000,000 | ---D | M]
 EPSON -> C:\Users\Smashley\AppData\Roaming\EPSON -> [2009/04/17 23:56:44 | 000,000,000 | ---D | M]
 GameHouse -> C:\Users\Smashley\AppData\Roaming\GameHouse -> [2008/05/14 21:23:15 | 000,000,000 | ---D | M]
 GetRightToGo -> C:\Users\Smashley\AppData\Roaming\GetRightToGo -> [2010/04/05 15:40:47 | 000,000,000 | ---D | M]
 gtk-2.0 -> C:\Users\Smashley\AppData\Roaming\gtk-2.0 -> [2010/06/17 14:13:35 | 000,000,000 | ---D | M]
 Image Zone Express -> C:\Users\Smashley\AppData\Roaming\Image Zone Express -> [2010/05/06 07:21:18 | 000,000,000 | ---D | M]
 IObit -> C:\Users\Smashley\AppData\Roaming\IObit -> [2010/03/30 06:42:35 | 000,000,000 | ---D | M]
 IrfanView -> C:\Users\Smashley\AppData\Roaming\IrfanView -> [2009/02/17 10:54:40 | 000,000,000 | ---D | M]
 iWinArcade -> C:\Users\Smashley\AppData\Roaming\iWinArcade -> [2008/03/12 02:20:13 | 000,000,000 | ---D | M]
 Leadertech -> C:\Users\Smashley\AppData\Roaming\Leadertech -> [2010/04/05 14:02:46 | 000,000,000 | ---D | M]
 LimeWire -> C:\Users\Smashley\AppData\Roaming\LimeWire -> [2010/06/10 23:10:11 | 000,000,000 | ---D | M]
 My Games -> C:\Users\Smashley\AppData\Roaming\My Games -> [2008/05/14 21:25:12 | 000,000,000 | ---D | M]
 PlayFirst -> C:\Users\Smashley\AppData\Roaming\PlayFirst -> [2008/02/24 20:11:42 | 000,000,000 | ---D | M]
 Printer Info Cache -> C:\Users\Smashley\AppData\Roaming\Printer Info Cache -> [2008/12/01 01:29:56 | 000,000,000 | ---D | M]
 Promethean -> C:\Users\Smashley\AppData\Roaming\Promethean -> [2010/04/08 10:07:48 | 000,000,000 | ---D | M]
 River Past G5 -> C:\Users\Smashley\AppData\Roaming\River Past G5 -> [2008/11/04 23:53:00 | 000,000,000 | ---D | M]
 Skinux -> C:\Users\Smashley\AppData\Roaming\Skinux -> [2008/10/27 23:34:39 | 000,000,000 | ---D | M]
 SMART Technologies Inc -> C:\Users\Smashley\AppData\Roaming\SMART Technologies Inc -> [2010/01/21 16:05:30 | 000,000,000 | ---D | M]
 Smith Micro -> C:\Users\Smashley\AppData\Roaming\Smith Micro -> [2009/05/30 15:20:41 | 000,000,000 | ---D | M]
 Template -> C:\Users\Smashley\AppData\Roaming\Template -> [2007/12/04 08:21:43 | 000,000,000 | ---D | M]
 TOSHIBA -> C:\Users\Smashley\AppData\Roaming\TOSHIBA -> [2009/01/21 02:23:08 | 000,000,000 | ---D | M]
 WinBatch -> C:\Users\Smashley\AppData\Roaming\WinBatch -> [2009/01/22 10:59:14 | 000,000,000 | ---D | M]
 AWC Startup.job -> C:\Windows\Tasks\AWC Startup.job -> [2010/06/30 02:16:24 | 000,000,376 | ---- | M] ()
 SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2010/06/30 02:16:39 | 000,032,522 | ---- | M] ()
 {8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job -> C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job -> [2010/06/30 02:16:27 | 000,000,298 | -H-- | M] ()
 
[File - Purity Scan]
 
[Custom Scans]
< netsvcs >
< %SYSTEMDRIVE%\*.exe >
< %SYSTEMDRIVE%\*.* >
 bootmgr -> C:\bootmgr -> [2009/04/11 01:36:36 | 000,333,257 | RHS- | M] ()
 BOOTSECT.BAK -> C:\BOOTSECT.BAK -> [2007/02/28 14:08:50 | 000,008,192 | R-S- | M] ()
 config.sys -> C:\config.sys -> [2006/09/18 16:43:37 | 000,000,010 | ---- | M] ()
 error.log -> C:\error.log -> [2010/05/10 20:25:30 | 000,000,045 | ---- | M] ()
 IO.SYS -> C:\IO.SYS -> [2007/12/28 04:15:53 | 000,000,000 | RHS- | M] ()
 MSDOS.SYS -> C:\MSDOS.SYS -> [2007/12/28 04:15:53 | 000,000,000 | RHS- | M] ()
 pagefile.sys -> C:\pagefile.sys -> [2010/06/30 12:09:08 | 1377,116,160 | -HS- | M] ()
 rapport.txt -> C:\rapport.txt -> [2010/02/07 14:03:50 | 000,002,472 | ---- | M] ()
 YServer.txt -> C:\YServer.txt -> [2008/05/04 16:12:59 | 000,000,162 | ---- | M] ()
< MD5 Scans Start>
< %systemdrive%\AGP440.SYS  /md5 /s >
 AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys -> [2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation)
 AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys -> [2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation)
 AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys -> [2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation)
 AGP440.sys : MD5=13F9E33747E6B41A3FF305C37DB0D360 -> C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys -> [2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation)
 agp440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\Windows\System32\drivers\agp440.sys -> [2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation)
 AGP440.sys : MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -> C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys -> [2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation)
< %systemdrive%\ATAPI.SYS  /md5 /s >
 atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\System32\drivers\atapi.sys -> [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys -> [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=1F05B78AB91C9075565A9D8A4B880BC4 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys -> [2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys -> [2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=2D9C903DC76A66813D350A562DE40ED9 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys -> [2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys -> [2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys -> [2008/02/15 16:04:30 | 000,021,560 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=B35CFCEF838382AB6490B321C87EDF17 -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys -> [2008/02/15 16:04:30 | 000,021,560 | ---- | M] (Microsoft Corporation)
 atapi.sys : MD5=E03E8C99D15D0381E02743C36AFC7C6F -> C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys -> [2008/02/15 16:04:27 | 000,021,560 | ---- | M] (Microsoft Corporation)
< %systemdrive%\CNGAUDIT.DLL  /md5 /s >
 cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\System32\cngaudit.dll -> [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation)
 cngaudit.dll : MD5=7F15B4953378C8B5161D65C26D5FED4D -> C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll -> [2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation)
< %systemdrive%\IASTORV.SYS  /md5 /s >
 iaStorV.sys : MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -> C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys -> [2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation)
 iaStorV.sys : MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -> C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys -> [2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation)
 iaStorV.sys : MD5=C957BF4B5D80B46C5017BF0101E6C906 -> C:\Windows\System32\drivers\iaStorV.sys -> [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
 iaStorV.sys : MD5=C957BF4B5D80B46C5017BF0101E6C906 -> C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys -> [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation)
< %systemdrive%\KR10N.SYS  /md5 /s >
 KR10N.sys : MD5=A1963360E74931222A67356C8AD48378 -> C:\Windows\System32\drivers\KR10N.sys -> [2007/01/03 03:43:19 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION)
 KR10N.sys : MD5=A1963360E74931222A67356C8AD48378 -> C:\Windows\System32\DriverStore\FileRepository\kr10n.inf_f8c77270\KR10N.sys -> [2007/01/03 03:43:19 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION)
< %systemdrive%\NETLOGON.DLL  /md5 /s >
 netlogon.dll : MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll -> [2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation)
 netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE -> C:\Windows\System32\netlogon.dll -> [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation)
 netlogon.dll : MD5=95DAECF0FB120A7B5DA679CC54E37DDE -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll -> [2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation)
 netlogon.dll : MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -> C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll -> [2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation)
< %systemdrive%\NVSTOR.SYS  /md5 /s >
 nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\Windows\System32\drivers\nvstor.sys -> [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
 nvstor.sys : MD5=9E0BA19A28C498A6D323D065DB76DFFC -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys -> [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation)
 nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys -> [2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation)
 nvstor.sys : MD5=ABED0C09758D1D97DB0042DBB2688177 -> C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys -> [2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation)
< %systemdrive%\SCECLI.DLL  /md5 /s >
 scecli.dll : MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll -> [2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation)
 scecli.dll : MD5=80E2839D05CA5970A86D7BE2A08BFF61 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll -> [2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation)
 scecli.dll : MD5=8FC182167381E9915651267044105EE1 -> C:\Windows\System32\scecli.dll -> [2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation)
 scecli.dll : MD5=8FC182167381E9915651267044105EE1 -> C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll -> [2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation)
< MD5 Scans End>
< %systemroot%\*. /mp /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options /s >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
\DllNXOptions\\"mscoree.dll" ->  [1] -> File not found
\DllNXOptions\\"mscorwks.dll" ->  [1] -> File not found
\DllNXOptions\\"mso.dll" ->  [1] -> File not found
\DllNXOptions\\"msjava.dll" ->  [1] -> File not found
\DllNXOptions\\"msci_uno.dll" ->  [1] -> File not found
\DllNXOptions\\"jvm.dll" ->  [1] -> File not found
\DllNXOptions\\"jvm_g.dll" ->  [1] -> File not found
\DllNXOptions\\"javai.dll" ->  [1] -> File not found
\DllNXOptions\\"vb40032.dll" ->  [1] -> File not found
\DllNXOptions\\"vbe6.dll" ->  [1] -> File not found
\DllNXOptions\\"ums.dll" ->  [1] -> File not found
\DllNXOptions\\"main123w.dll" ->  [1] -> File not found
\DllNXOptions\\"udtapi.dll" ->  [1] -> File not found
\DllNXOptions\\"mscorsvr.dll" ->  [1] -> File not found
\DllNXOptions\\"eMigrationmmc.dll" ->  [1] -> File not found
\DllNXOptions\\"eProcedureMMC.dll" ->  [1] -> File not found
\DllNXOptions\\"eQueryMMC.dll" ->  [1] -> File not found
\DllNXOptions\\"EncryptPatchVer.dll" ->  [1] -> File not found
\DllNXOptions\\"Cleanup.dll" ->  [1] -> File not found
\DllNXOptions\\"divx.dll" ->  [1] -> File not found
\DllNXOptions\\"divxdec.ax" ->  [1] -> File not found
\DllNXOptions\\"fullsoft.dll" ->  [1] -> File not found
\DllNXOptions\\"NSWSTE.dll" ->  [1] -> File not found
\DllNXOptions\\"ASSTE.dll" ->  [1] -> File not found
\DllNXOptions\\"NPMLIC.dll" ->  [1] -> File not found
\DllNXOptions\\"PMSTE.dll" ->  [1] -> File not found
\DllNXOptions\\"AVSTE.dll" ->  [1] -> File not found
\DllNXOptions\\"NAVOPTRF.dll" ->  [1] -> File not found
\DllNXOptions\\"DRMINST.dll" ->  [1] -> File not found
\DllNXOptions\\"TFDTCTT8.dll" ->  [1] -> File not found
\DllNXOptions\\"DJSMAR00.dll" ->  [1] -> File not found
\DllNXOptions\\"xlmlEN.dll" ->  [1] -> File not found
\DllNXOptions\\"ISSTE.dll" ->  [1] -> File not found
\DllNXOptions\\"symlcnet.dll" ->  [1] -> File not found
\DllNXOptions\\"ppw32hlp.dll" ->  [1] -> File not found
\DllNXOptions\\"Apitrap.dll" ->  [1] -> File not found
\DllNXOptions\\"Vegas60k.dll" ->  [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IEInstal.exe
\IEInstal.exe\\"ExecuteOptions" ->  [0] -> File not found
OTS cannot create restorepoints on Vista OSs!
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
 
[Alternate Data Streams]
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B9252F22
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129
@Alternate Data Stream - 64 bytes -> C:\Users\Smashley\Ashley.bak.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Smashley\Desktop\Ashley Video_AVI.avi:TOC.WMV
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:9AEE100C
< End of report >

Attached Files


Edited by Smashley76, 01 July 2010 - 02:47 PM.
expanded OTS scan.

  • 0

Similar Topics: Fake anti-virus software won't let me run anything [Solved]     x


#2
SweetTech

SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Hello and welcome to the forums! My name is SweetTech, it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Running OTS Fix
Start OTS Copy/Paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\] > -> 
YN -> HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\: "ProxyEnable" -> 1
YN -> HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\: "ProxyOverride" -> <local>
YN -> HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\: "ProxyServer" -> http=127.0.0.1:5577
< FireFox Settings [Prefs.js] > -> C:\Users\Smashley\AppData\Roaming\Mozilla\FireFox\Profiles\vtup31pg.default\prefs.js
YN -> network.proxy.type -> 4
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "NDSTray.exe" -> [NDSTray.exe]
< Run [HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\] > -> HKEY_USERS\S-1-5-21-1679214456-368351518-2209028700-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "ggldadpe" -> C:\Users\Smashley\AppData\Local\bdibbjahd\ohupgcrtssd.exe [C:\Users\Smashley\AppData\Local\bdibbjahd\ohupgcrtssd.exe]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YY -> \{16e78b7b-4f5a-11df-a01c-00a0d17cf124}\shell\AutoRun\command\\"" -> F:\EMP_UDSe.exe [F:\EMP_UDSe.exe /autorun]
YY -> \{4b0432f2-2436-11df-b00a-00a0d17cf124}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YY -> \{4b0432fd-2436-11df-b00a-7a8020000200}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YY -> \{4db79140-72ee-11de-8041-7a8020000200}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
YY -> \{5df7010f-dc25-11dd-b09c-00a0d17cf124}\shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a]
YY -> \{8ba3e4b2-b470-11de-8642-00a0d17cf124}\shell\AutoRun\command\\"" -> E:\setupSNK.exe [E:\setupSNK.exe]
YY -> \{8ba3e4b5-b470-11de-8642-00a0d17cf124}\shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a]
YY -> \{d9f2e680-af89-11de-ace1-00a0d17cf124}\shell\AutoRun\command\\"" -> F:\LaunchU3.exe [F:\LaunchU3.exe -a]
YY -> \{f27f8b42-47e1-11de-a951-00a0d17cf124}\shell\AutoRun\command\\"" -> E:\AutoRun.exe [E:\AutoRun.exe]
YY -> \{f27f8bba-47e1-11de-a951-7a8020000200}\shell\AutoRun\command\\"" -> F:\AutoRun.exe [F:\AutoRun.exe]
[Files/Folders - Modified Within 30 Days]
NY -> oqalarejuc.dll -> C:\Users\Smashley\AppData\Local\oqalarejuc.dll
NY -> 13 C:\Users\Smashley\AppData\Local\Temp\*.tmp files -> C:\Users\Smashley\AppData\Local\Temp\*.tmp
[Files - No Company Name]
NY -> oqalarejuc.dll -> C:\Users\Smashley\AppData\Local\oqalarejuc.dll
[File - Lop Check]
NY -> {8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job -> C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[Alternate Data Streams]
NY -> @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:B9252F22
NY -> @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:94A19129
NY -> @Alternate Data Stream - 64 bytes -> C:\Users\Smashley\Ashley.bak.avi:TOC.WMV
NY -> @Alternate Data Stream - 64 bytes -> C:\Users\Smashley\Desktop\Ashley Video_AVI.avi:TOC.WMV
NY -> @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:9AEE100C
[Empty Temp Folders]
[CreateRestorePoint]
[Start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries




NEXT:



  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in


    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTS Log.
3. Updated MBAM Scan.
4. GMER Scan.
5. OTL Scan.
6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
  • 0

#3
Smashley76

Smashley76

    Member

  • Member
  • PipPip
  • 21 posts
1. My audio devices will not work and I can't burn a CD either. It says it's not working bc the configuration information in the registry is messed up. Is that because of the virus or because of something I did?

I uploaded the files in the order that you asked but, I was unable to figure out how to put them on this post to number them, sorry.

2. OTS log
3. MBAM scan
4. GMER scan
5. OTL scan

6. The fake virus warnings are no longer popping of probably because of all of the scans and things I ran before you instructed me not to. However, it's slower than Methuselah and I have no sound :-(


Thank you for all of your help!

Attached Files


  • 0

#4
SweetTech

SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Hello,

I see that you are running both Avast and AVG. It's not a good idea to run more than one Anti-Virus program as it can cause them to clause with each other, as well as produce false positives. I suggest you pick one to use and uninstall the other one.

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

    :Services
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    O4 - HKCU..\Run: [TOSCDSPD]  File not found
    O33 - MountPoints2\{0aea8497-2f57-11dd-82ed-00a0d17cf124}\Shell\AutoRun\command - "" = E:\Player\DVR_Player.exe ..\20 -- File not found
    O33 - MountPoints2\{16e78b7b-4f5a-11df-a01c-00a0d17cf124}\Shell - "" = AutoRun
    O33 - MountPoints2\{4b0432f2-2436-11df-b00a-00a0d17cf124}\Shell - "" = AutoRun
    O33 - MountPoints2\{4b0432fd-2436-11df-b00a-7a8020000200}\Shell - "" = AutoRun
    O33 - MountPoints2\{4db79140-72ee-11de-8041-7a8020000200}\Shell - "" = AutoRun
    O33 - MountPoints2\{5df7010f-dc25-11dd-b09c-00a0d17cf124}\Shell - "" = AutoRun
    O33 - MountPoints2\{8ba3e4b5-b470-11de-8642-00a0d17cf124}\Shell - "" = AutoRun
    O33 - MountPoints2\{d9f2e680-af89-11de-ace1-00a0d17cf124}\Shell - "" = AutoRun
    O33 - MountPoints2\{f27f8b42-47e1-11de-a951-00a0d17cf124}\Shell - "" = AutoRun
    O33 - MountPoints2\{f27f8bba-47e1-11de-a951-7a8020000200}\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

  • 0

#5
Smashley76

Smashley76

    Member

  • Member
  • PipPip
  • 21 posts
The pop ups are gone but there is still no sound. It has the same errors in the device manager.

Here is the OTL fix & ComboFix file.

Which would you recommend: Avast or AVG?

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\TOSCDSPD deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0aea8497-2f57-11dd-82ed-00a0d17cf124}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0aea8497-2f57-11dd-82ed-00a0d17cf124}\ not found.
File E:\Player\DVR_Player.exe ..\20 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16e78b7b-4f5a-11df-a01c-00a0d17cf124}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16e78b7b-4f5a-11df-a01c-00a0d17cf124}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b0432f2-2436-11df-b00a-00a0d17cf124}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b0432f2-2436-11df-b00a-00a0d17cf124}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4b0432fd-2436-11df-b00a-7a8020000200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4b0432fd-2436-11df-b00a-7a8020000200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4db79140-72ee-11de-8041-7a8020000200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4db79140-72ee-11de-8041-7a8020000200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5df7010f-dc25-11dd-b09c-00a0d17cf124}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5df7010f-dc25-11dd-b09c-00a0d17cf124}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8ba3e4b5-b470-11de-8642-00a0d17cf124}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8ba3e4b5-b470-11de-8642-00a0d17cf124}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d9f2e680-af89-11de-ace1-00a0d17cf124}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9f2e680-af89-11de-ace1-00a0d17cf124}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f27f8b42-47e1-11de-a951-00a0d17cf124}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f27f8b42-47e1-11de-a951-00a0d17cf124}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f27f8bba-47e1-11de-a951-7a8020000200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f27f8bba-47e1-11de-a951-7a8020000200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe not found.
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Public

User: Smashley
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42383534 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 89317 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 943 bytes

Total Files Cleaned = 41.00 mb

Error: Unable to interpret <[EMPTYFLASH]> in the current context!

OTL by OldTimer - Version 3.1.28.0 log created on 07022010_123524

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


ComboFix 10-07-01.02 - Smashley 07/02/2010 15:17:44.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.160 [GMT -5:00]
Running from: c:\users\Smashley\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
.

2010-07-02 20:42 . 2010-07-02 20:42 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-02 20:42 . 2010-07-02 20:42 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-07-02 20:42 . 2010-07-02 20:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-02 19:02 . 2010-07-02 20:43 -------- d-----w- c:\users\Smashley\AppData\Local\temp
2010-07-02 17:35 . 2010-07-02 17:35 -------- d-----w- C:\_OTL
2010-07-02 06:30 . 2010-07-02 06:35 -------- d--h--w- c:\program files\Temp
2010-07-01 23:37 . 2010-07-01 23:37 -------- d-----w- c:\windows\system32\x64
2010-07-01 23:37 . 2008-02-12 01:13 920088 ----a-w- c:\windows\system32\igxpun.exe
2010-07-01 21:23 . 2010-07-01 21:23 -------- d-----w- C:\Intel
2010-07-01 18:18 . 2010-07-01 18:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-01 18:17 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-30 18:09 . 2010-06-30 18:09 -------- d-----w- c:\users\Smashley\AppData\Local\AVG Security Toolbar
2010-06-30 17:30 . 2010-06-30 19:53 -------- d-----w- C:\$AVG
2010-06-30 17:26 . 2010-07-01 18:18 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-30 17:26 . 2010-07-01 18:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 17:26 . 2010-07-01 18:18 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-30 17:26 . 2010-07-01 18:19 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-30 17:26 . 2010-06-30 17:28 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-06-30 04:38 . 2010-07-01 23:59 680 ----a-w- c:\users\Smashley\AppData\Local\d3d9caps.dat
2010-06-30 04:21 . 2010-07-02 05:10 -------- d-----w- c:\users\Smashley\AppData\Local\bdibbjahd
2010-06-24 08:00 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 08:00 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 08:00 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 08:00 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 08:00 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 05:23 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 05:23 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-18 00:30 . 2010-06-18 00:30 -------- d-----w- c:\users\Smashley\heart
2010-06-09 02:40 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 02:40 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 02:40 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 06:35 . 2007-02-28 19:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 06:35 . 2007-02-28 19:50 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-07-02 05:34 . 2010-02-07 00:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-30 17:25 . 2010-02-07 02:10 -------- d-----w- c:\programdata\avg9
2010-06-30 04:22 . 2010-02-07 05:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-30 04:22 . 2010-05-06 01:11 -------- d-----w- c:\program files\Common Files\Motive
2010-06-29 00:07 . 2009-09-28 00:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-28 20:57 . 2010-03-30 11:44 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-03-30 11:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-03-30 11:46 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-03-30 11:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-03-30 11:46 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-03-30 11:46 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 08:02 . 2007-07-18 05:58 -------- d-----w- c:\program files\Microsoft.NET
2010-06-17 19:13 . 2007-12-07 22:28 -------- d-----w- c:\users\Smashley\AppData\Roaming\gtk-2.0
2010-06-12 06:28 . 2010-04-05 20:15 501584 ----a-w- c:\users\Smashley\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-11 04:10 . 2007-11-26 11:16 -------- d-----w- c:\users\Smashley\AppData\Roaming\LimeWire
2010-06-09 04:04 . 2009-09-18 01:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-09 04:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 03:50 . 2007-11-26 11:16 -------- d-----w- c:\program files\LimeWire
2010-06-09 03:43 . 2007-07-18 05:56 -------- d-----w- c:\programdata\Microsoft Help
2010-05-21 19:14 . 2009-10-03 00:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 01:57 . 2009-02-17 16:03 -------- d-----w- c:\users\Smashley\AppData\Roaming\ArcSoft
2010-05-11 00:25 . 2010-05-07 22:37 -------- d-----w- c:\programdata\ArcSoft
2010-05-07 22:37 . 2010-05-07 22:37 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-05-07 22:37 . 2009-02-09 00:18 -------- d-----w- c:\program files\ArcSoft
2010-05-06 12:21 . 2008-12-01 06:29 -------- d-----w- c:\users\Smashley\AppData\Roaming\Image Zone Express
2010-05-06 01:12 . 2010-05-06 01:11 -------- d-----w- c:\program files\ATT-PRT22-WISE
2010-05-06 01:11 . 2010-05-06 01:11 -------- d-----w- c:\programdata\Motive
2010-05-06 01:10 . 2010-05-06 01:10 -------- d-----w- c:\program files\ATT
2010-05-04 12:11 . 2008-12-01 05:45 148904 ----a-w- c:\windows\hpoins19.dat
2010-05-04 05:59 . 2010-06-09 02:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 02:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-09 02:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-09 02:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-09 02:39 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 20:39 . 2010-02-07 00:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-07 00:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:13 . 2010-05-26 03:30 2048 ----a-w- c:\windows\system32\tzres.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"GoBoingo"="c:\program files\Alltel\GoBoingo\AlltelWifi.exe" [2007-10-02 324912]
"sealmon.exe"="c:\program files\Oracle\Information Rights Management\Desktop\sealmon.exe" [2010-01-14 370992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"CamWizard"="c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe" [2005-05-13 184320]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2009-10-22 1088800]
"EPSON_UD_START"="c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" [2009-04-15 329632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-01 2065248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Smashley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Smashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-02-13 14:30 405504 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 03:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):43,8e,da,8f,1b,3a,ca,01

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-28 908056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [2008-05-15 17664]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-01 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-01 242896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 297752]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-01 308064]
S2 EMP_UDSA;EMP_UDSA;c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2009-04-16 98304]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [2009-05-05 55936]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [2009-10-05 6144]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-02 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-30 16:02]

2010-07-01 c:\windows\Tasks\Norton Security Scan for Smashley.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-07 15:22]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {62E68F72-4893-476F-B1E9-D04FBA56E918} = 75.116.127.154 75.116.63.154
FF - ProfilePath - c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://weather.yahoo.com/forecast/USLA0319_f.html
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\FFExternalAlert.dll
FF - component: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-02 15:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-07-02 15:56:38
ComboFix-quarantined-files.txt 2010-07-02 20:56
ComboFix2.txt 2010-07-02 19:02

Pre-Run: 55,536,635,904 bytes free
Post-Run: 55,298,551,808 bytes free

- - End Of File - - E9339DEB47BAE0CFB51CCA97A6503F24

Attached Files


Edited by SweetTech, 02 July 2010 - 03:42 PM.
expanded logs --ST

  • 0

#6
SweetTech

SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Hello,

Before running MBAM please ensure that you update it to the latest database version. If the choice was between AVG or Avast, I think I'd go with Avast.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
Folder::
c:\users\Smashley\AppData\Local\bdibbjahd
DirLook::
c:\windows\system32\x64

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

#7
Smashley76

Smashley76

    Member

  • Member
  • PipPip
  • 21 posts
Here's my MBAM log but, I couldn't find the log that the ComboFix posted.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

7/4/2010 05:20:14 PM
mbam-log-2010-07-04 (17-20-14).txt

Scan type: Quick scan
Objects scanned: 136299
Time elapsed: 18 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attached Files


Edited by SweetTech, 05 July 2010 - 08:49 AM.
expanded log--ST

  • 0

#8
SweetTech

SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Locating ComboFix Log
  • Right click on START on the left end of your Windows toolbar (lower left corner of your screen)
  • Click on Explore
  • Click on Local Disk (C:) in the left-hand window pane
  • Look for ComboFix.txt in the right-hand window pane and right click on it
  • Put your cursor (arrow) on Open With
  • Move your cursor to the new menu that opens and click on Choose Program...
  • Click on Notepad

When file opens, Copy/Paste text here.
  • 0

#9
Smashley76

Smashley76

    Member

  • Member
  • PipPip
  • 21 posts
Here's the ComboFix log. Still no sound :-(


ComboFix 10-07-04.04 - Smashley 07/05/2010 13:49:29.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.306 [GMT -5:00]
Running from: c:\users\Smashley\Downloads\ComboFix.exe
Command switches used :: c:\users\Smashley\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

.
((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-05 19:10 . 2010-07-05 19:17 -------- d-----w- c:\users\Smashley\AppData\Local\temp
2010-07-05 19:10 . 2010-07-05 19:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-05 19:10 . 2010-07-05 19:10 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-07-05 19:10 . 2010-07-05 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-02 17:35 . 2010-07-02 17:35 -------- d-----w- C:\_OTL
2010-07-02 06:30 . 2010-07-02 06:35 -------- d--h--w- c:\program files\Temp
2010-07-01 23:37 . 2010-07-01 23:37 -------- d-----w- c:\windows\system32\x64
2010-07-01 23:37 . 2008-02-12 01:13 920088 ----a-w- c:\windows\system32\igxpun.exe
2010-07-01 21:23 . 2010-07-01 21:23 -------- d-----w- C:\Intel
2010-07-01 18:18 . 2010-07-01 18:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-01 18:17 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-30 18:09 . 2010-06-30 18:09 -------- d-----w- c:\users\Smashley\AppData\Local\AVG Security Toolbar
2010-06-30 17:30 . 2010-06-30 19:53 -------- d-----w- C:\$AVG
2010-06-30 17:26 . 2010-07-01 18:18 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-30 17:26 . 2010-07-01 18:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 17:26 . 2010-07-01 18:18 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-30 17:26 . 2010-07-05 18:16 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-30 17:26 . 2010-06-30 17:28 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-06-30 04:38 . 2010-07-01 23:59 680 ----a-w- c:\users\Smashley\AppData\Local\d3d9caps.dat
2010-06-24 08:00 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 08:00 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 08:00 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 08:00 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 08:00 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 05:23 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 05:23 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-18 00:30 . 2010-06-18 00:30 -------- d-----w- c:\users\Smashley\heart
2010-06-09 02:40 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 02:40 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 02:40 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 06:35 . 2007-02-28 19:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 06:35 . 2007-02-28 19:50 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-07-02 05:34 . 2010-02-07 00:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-30 17:25 . 2010-02-07 02:10 -------- d-----w- c:\programdata\avg9
2010-06-30 04:22 . 2010-02-07 05:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-30 04:22 . 2010-05-06 01:11 -------- d-----w- c:\program files\Common Files\Motive
2010-06-29 00:07 . 2009-09-28 00:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-28 20:57 . 2010-03-30 11:44 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-03-30 11:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-03-30 11:46 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-03-30 11:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-03-30 11:46 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-03-30 11:46 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 08:02 . 2007-07-18 05:58 -------- d-----w- c:\program files\Microsoft.NET
2010-06-17 19:13 . 2007-12-07 22:28 -------- d-----w- c:\users\Smashley\AppData\Roaming\gtk-2.0
2010-06-12 06:28 . 2010-04-05 20:15 501584 ----a-w- c:\users\Smashley\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-11 04:10 . 2007-11-26 11:16 -------- d-----w- c:\users\Smashley\AppData\Roaming\LimeWire
2010-06-09 04:04 . 2009-09-18 01:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-09 04:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 03:50 . 2007-11-26 11:16 -------- d-----w- c:\program files\LimeWire
2010-06-09 03:43 . 2007-07-18 05:56 -------- d-----w- c:\programdata\Microsoft Help
2010-05-21 19:14 . 2009-10-03 00:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 01:57 . 2009-02-17 16:03 -------- d-----w- c:\users\Smashley\AppData\Roaming\ArcSoft
2010-05-11 00:25 . 2010-05-07 22:37 -------- d-----w- c:\programdata\ArcSoft
2010-05-07 22:37 . 2010-05-07 22:37 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-05-07 22:37 . 2009-02-09 00:18 -------- d-----w- c:\program files\ArcSoft
2010-05-04 12:11 . 2008-12-01 05:45 148904 ----a-w- c:\windows\hpoins19.dat
2010-05-04 05:59 . 2010-06-09 02:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 02:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-09 02:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-09 02:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-09 02:39 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 20:39 . 2010-02-07 00:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-07 00:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:13 . 2010-05-26 03:30 2048 ----a-w- c:\windows\system32\tzres.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\x64 ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"GoBoingo"="c:\program files\Alltel\GoBoingo\AlltelWifi.exe" [2007-10-02 324912]
"sealmon.exe"="c:\program files\Oracle\Information Rights Management\Desktop\sealmon.exe" [2010-01-14 370992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"CamWizard"="c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe" [2005-05-13 184320]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2009-10-22 1088800]
"EPSON_UD_START"="c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" [2009-04-15 329632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-01 2065248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Smashley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Smashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-02-13 14:30 405504 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 03:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):43,8e,da,8f,1b,3a,ca,01

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-28 908056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [2008-05-15 17664]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-01 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-01 242896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 297752]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-01 308064]
S2 EMP_UDSA;EMP_UDSA;c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2009-04-16 98304]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [2009-05-05 55936]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [2009-10-05 6144]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-30 16:02]

2010-07-05 c:\windows\Tasks\Norton Security Scan for Smashley.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-07 15:22]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {62E68F72-4893-476F-B1E9-D04FBA56E918} = 75.116.127.154 75.116.63.154
FF - ProfilePath - c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://weather.yahoo.com/forecast/USLA0319_f.html
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\FFExternalAlert.dll
FF - component: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6068)
c:\programdata\ACTIV Software\ActivApplications\ActivFocusHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\Activ Software\ActivDriver\activmgr.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-07-05 14:39:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-05 19:38
ComboFix2.txt 2010-07-02 20:56
ComboFix3.txt 2010-07-02 19:02

Pre-Run: 54,536,040,448 bytes free
Post-Run: 53,805,318,144 bytes free

- - End Of File - - 3A63BE0067B988DD7DCAB461B75CDD14

Attached Files


Edited by SweetTech, 05 July 2010 - 05:22 PM.
expanded log--ST

  • 0

#10
SweetTech

SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Did you uninstall Avast?
  • 0

#11
SweetTech

SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Hello,

After running the ComboFix script below please inform me of how things are running with your system.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

RegNul::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • 0

#12
Smashley76

Smashley76

    Member

  • Member
  • PipPip
  • 21 posts
Here's the latest ComboFix log


ComboFix 10-07-04.04 - Smashley 07/06/2010 1:34.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.379 [GMT -5:00]
Running from: c:\users\Smashley\Downloads\ComboFix.exe
Command switches used :: c:\users\Smashley\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-06-06 to 2010-07-06 )))))))))))))))))))))))))))))))
.

2010-07-06 06:53 . 2010-07-06 06:53 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-06 06:53 . 2010-07-06 06:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-06 06:53 . 2010-07-06 06:53 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-07-05 19:10 . 2010-07-06 06:53 -------- d-----w- c:\users\Smashley\AppData\Local\temp
2010-07-02 17:35 . 2010-07-02 17:35 -------- d-----w- C:\_OTL
2010-07-02 06:30 . 2010-07-02 06:35 -------- d--h--w- c:\program files\Temp
2010-07-01 23:37 . 2010-07-01 23:37 -------- d-----w- c:\windows\system32\x64
2010-07-01 23:37 . 2008-02-12 01:13 920088 ----a-w- c:\windows\system32\igxpun.exe
2010-07-01 21:23 . 2010-07-01 21:23 -------- d-----w- C:\Intel
2010-07-01 18:18 . 2010-07-01 18:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-01 18:17 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-30 18:09 . 2010-06-30 18:09 -------- d-----w- c:\users\Smashley\AppData\Local\AVG Security Toolbar
2010-06-30 17:30 . 2010-06-30 19:53 -------- d-----w- C:\$AVG
2010-06-30 17:26 . 2010-07-01 18:18 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-30 17:26 . 2010-07-01 18:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 17:26 . 2010-07-01 18:18 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-30 17:26 . 2010-07-05 22:31 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-30 17:26 . 2010-06-30 17:28 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-06-30 04:38 . 2010-07-01 23:59 680 ----a-w- c:\users\Smashley\AppData\Local\d3d9caps.dat
2010-06-24 08:00 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 08:00 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 08:00 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 08:00 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 08:00 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 05:23 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 05:23 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-18 00:30 . 2010-06-18 00:30 -------- d-----w- c:\users\Smashley\heart
2010-06-09 02:40 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 02:40 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 02:40 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 06:35 . 2007-02-28 19:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 06:35 . 2007-02-28 19:50 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-07-02 05:34 . 2010-02-07 00:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-01 18:18 . 2010-07-01 18:18 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-07-01 18:18 . 2010-07-01 18:18 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-07-01 18:18 . 2010-07-01 18:18 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-30 17:26 . 2010-07-01 18:10 1658136 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-06-30 17:26 . 2010-07-01 18:10 1007896 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-06-30 17:26 . 2010-07-01 18:10 800536 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-06-30 17:26 . 2010-07-01 18:10 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-06-30 17:25 . 2010-02-07 02:10 -------- d-----w- c:\programdata\avg9
2010-06-30 04:22 . 2010-02-07 05:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-30 04:22 . 2010-05-06 01:11 -------- d-----w- c:\program files\Common Files\Motive
2010-06-29 00:07 . 2009-09-28 00:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-28 20:57 . 2010-03-30 11:44 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-03-30 11:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-03-30 11:46 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-03-30 11:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-03-30 11:46 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-03-30 11:46 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 08:02 . 2007-07-18 05:58 -------- d-----w- c:\program files\Microsoft.NET
2010-06-17 19:13 . 2007-12-07 22:28 -------- d-----w- c:\users\Smashley\AppData\Roaming\gtk-2.0
2010-06-12 06:28 . 2010-04-05 20:15 501584 ----a-w- c:\users\Smashley\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-11 04:10 . 2007-11-26 11:16 -------- d-----w- c:\users\Smashley\AppData\Roaming\LimeWire
2010-06-09 04:04 . 2009-09-18 01:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-09 04:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 03:52 . 2010-06-09 03:52 20480 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
2010-06-09 03:52 . 2010-06-09 03:52 18944 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
2010-06-09 03:52 . 2010-06-09 03:52 17408 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
2010-06-09 03:52 . 2010-06-09 03:52 20480 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
2010-06-09 03:52 . 2010-06-09 03:52 8192 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2010-06-09 03:50 . 2007-11-26 11:16 -------- d-----w- c:\program files\LimeWire
2010-06-09 03:43 . 2007-07-18 05:56 -------- d-----w- c:\programdata\Microsoft Help
2010-05-21 19:14 . 2009-10-03 00:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 01:57 . 2009-02-17 16:03 -------- d-----w- c:\users\Smashley\AppData\Roaming\ArcSoft
2010-05-11 01:25 . 2010-05-11 00:25 5311698 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-05-11 00:25 . 2010-05-07 22:37 -------- d-----w- c:\programdata\ArcSoft
2010-05-07 22:37 . 2010-05-07 22:37 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-05-07 22:37 . 2009-02-09 00:18 -------- d-----w- c:\program files\ArcSoft
2010-05-04 12:11 . 2008-12-01 05:45 148904 ----a-w- c:\windows\hpoins19.dat
2010-05-04 05:59 . 2010-06-09 02:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 02:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-09 02:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-09 02:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-09 02:39 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:24 . 2010-04-29 22:24 52224 ----a-w- c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\FFExternalAlert.dll
2010-04-29 22:24 . 2010-04-29 22:24 101376 ----a-w- c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.dll
2010-04-29 20:39 . 2010-02-07 00:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-07 00:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:13 . 2010-05-26 03:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-23 05:23 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 05:23 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 05:23 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 05:23 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-04-07 17:34 . 2010-04-07 17:34 63488 ----a-w- c:\programdata\Activ Software\ActivApplications\ActivFocusHook.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"GoBoingo"="c:\program files\Alltel\GoBoingo\AlltelWifi.exe" [2007-10-02 324912]
"sealmon.exe"="c:\program files\Oracle\Information Rights Management\Desktop\sealmon.exe" [2010-01-14 370992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"CamWizard"="c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe" [2005-05-13 184320]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2009-10-22 1088800]
"EPSON_UD_START"="c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" [2009-04-15 329632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-01 2065248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Smashley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Smashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-02-13 14:30 405504 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 03:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):43,8e,da,8f,1b,3a,ca,01

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-28 908056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [2008-05-15 17664]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-01 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-01 242896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 297752]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-01 308064]
S2 EMP_UDSA;EMP_UDSA;c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2009-04-16 98304]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [2009-05-05 55936]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [2009-10-05 6144]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-30 16:02]

2010-07-05 c:\windows\Tasks\Norton Security Scan for Smashley.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-07 15:22]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {62E68F72-4893-476F-B1E9-D04FBA56E918} = 75.116.127.154 75.116.63.154
FF - ProfilePath - c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://weather.yahoo.com/forecast/USLA0319_f.html
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\FFExternalAlert.dll
FF - component: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 01:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4800)
c:\programdata\ACTIV Software\ActivApplications\ActivFocusHook.dll
.
Completion time: 2010-07-06 02:05:55
ComboFix-quarantined-files.txt 2010-07-06 07:05
ComboFix2.txt 2010-07-05 19:39
ComboFix3.txt 2010-07-02 20:56
ComboFix4.txt 2010-07-02 19:02

Pre-Run: 52,156,026,880 bytes free
Post-Run: 52,126,392,320 bytes free

- - End Of File - - EF1266E00E5D698D1F54C7C621C93F4D

Attached Files


Edited by SweetTech, 06 July 2010 - 04:29 PM.
expanded log--ST

  • 0

#13
SweetTech

SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Hello,

Please run ComboFix again. There was a typo in my previous script. Sorry about that. After running the script below please inform me of how your computer is currently operating.

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

RegNull::
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"


Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • 0

#14
Smashley76

Smashley76

    Member

  • Member
  • PipPip
  • 21 posts
No, I haven't uninstalled Avast bc I really like it better than AVG but, AVG has an internet link scanner component that I love. So, I disabled all of AVG but the link scanner. Is there any type of program that is just solely like the link scanner component?

Here's the very latest ComboFix.


ComboFix 10-07-06.03 - Smashley 07/07/2010 0:15.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.359 [GMT -5:00]
Running from: c:\users\Smashley\Downloads\ComboFix.exe
Command switches used :: c:\users\Smashley\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-07 06:21 . 2010-07-07 06:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-07 06:21 . 2010-07-07 06:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-07-07 06:21 . 2010-07-07 06:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-05 19:10 . 2010-07-07 06:21 -------- d-----w- c:\users\Smashley\AppData\Local\temp
2010-07-02 17:35 . 2010-07-02 17:35 -------- d-----w- C:\_OTL
2010-07-02 06:30 . 2010-07-02 06:35 -------- d--h--w- c:\program files\Temp
2010-07-01 23:37 . 2010-07-01 23:37 -------- d-----w- c:\windows\system32\x64
2010-07-01 23:37 . 2008-02-12 01:13 920088 ----a-w- c:\windows\system32\igxpun.exe
2010-07-01 21:23 . 2010-07-01 21:23 -------- d-----w- C:\Intel
2010-07-01 18:18 . 2010-07-01 18:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-01 18:17 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-30 18:09 . 2010-06-30 18:09 -------- d-----w- c:\users\Smashley\AppData\Local\AVG Security Toolbar
2010-06-30 17:30 . 2010-06-30 19:53 -------- d-----w- C:\$AVG
2010-06-30 17:26 . 2010-07-01 18:18 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-30 17:26 . 2010-07-01 18:15 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 17:26 . 2010-07-01 18:18 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-30 17:26 . 2010-07-05 22:31 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-30 17:26 . 2010-06-30 17:28 -------- d-----w- c:\programdata\AVG Security Toolbar
2010-06-30 04:38 . 2010-07-01 23:59 680 ----a-w- c:\users\Smashley\AppData\Local\d3d9caps.dat
2010-06-24 08:00 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 08:00 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 08:00 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 08:00 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 08:00 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 05:23 . 2010-04-16 16:43 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 05:23 . 2010-04-16 14:39 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-18 00:30 . 2010-06-18 00:30 -------- d-----w- c:\users\Smashley\heart
2010-06-09 02:40 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-09 02:40 . 2010-05-26 14:47 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 02:40 . 2010-05-26 17:06 34304 ----a-w- c:\windows\system32\atmlib.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-02 06:35 . 2007-02-28 19:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-02 06:35 . 2007-02-28 19:50 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-07-02 05:34 . 2010-02-07 00:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-01 18:18 . 2010-07-01 18:18 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-07-01 18:18 . 2010-07-01 18:18 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-07-01 18:18 . 2010-07-01 18:18 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-06-30 17:26 . 2010-07-01 18:10 1658136 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-06-30 17:26 . 2010-07-01 18:10 1007896 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-06-30 17:26 . 2010-07-01 18:10 800536 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-06-30 17:26 . 2010-07-01 18:10 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-06-30 17:25 . 2010-02-07 02:10 -------- d-----w- c:\programdata\avg9
2010-06-30 04:22 . 2010-02-07 05:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-30 04:22 . 2010-05-06 01:11 -------- d-----w- c:\program files\Common Files\Motive
2010-06-29 00:07 . 2009-09-28 00:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-28 20:57 . 2010-03-30 11:44 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-03-30 11:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-03-30 11:46 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-03-30 11:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-03-30 11:46 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-03-30 11:46 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 08:02 . 2007-07-18 05:58 -------- d-----w- c:\program files\Microsoft.NET
2010-06-17 19:13 . 2007-12-07 22:28 -------- d-----w- c:\users\Smashley\AppData\Roaming\gtk-2.0
2010-06-12 06:28 . 2010-04-05 20:15 501584 ----a-w- c:\users\Smashley\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-11 04:10 . 2007-11-26 11:16 -------- d-----w- c:\users\Smashley\AppData\Roaming\LimeWire
2010-06-09 04:04 . 2009-09-18 01:22 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-09 04:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-06-09 03:52 . 2010-06-09 03:52 20480 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
2010-06-09 03:52 . 2010-06-09 03:52 18944 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
2010-06-09 03:52 . 2010-06-09 03:52 17408 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
2010-06-09 03:52 . 2010-06-09 03:52 20480 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
2010-06-09 03:52 . 2010-06-09 03:52 8192 ----a-w- c:\users\Smashley\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
2010-06-09 03:50 . 2007-11-26 11:16 -------- d-----w- c:\program files\LimeWire
2010-06-09 03:43 . 2007-07-18 05:56 -------- d-----w- c:\programdata\Microsoft Help
2010-05-21 19:14 . 2009-10-03 00:43 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 01:57 . 2009-02-17 16:03 -------- d-----w- c:\users\Smashley\AppData\Roaming\ArcSoft
2010-05-11 01:25 . 2010-05-11 00:25 5311698 ----a-w- c:\programdata\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-05-11 00:25 . 2010-05-07 22:37 -------- d-----w- c:\programdata\ArcSoft
2010-05-04 12:11 . 2008-12-01 05:45 148904 ----a-w- c:\windows\hpoins19.dat
2010-05-04 05:59 . 2010-06-09 02:39 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-09 02:39 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 05:55 . 2010-06-09 02:39 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 04:31 . 2010-06-09 02:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-01 14:13 . 2010-06-09 02:39 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 22:24 . 2010-04-29 22:24 52224 ----a-w- c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\FFExternalAlert.dll
2010-04-29 22:24 . 2010-04-29 22:24 101376 ----a-w- c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.dll
2010-04-29 20:39 . 2010-02-07 00:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-07 00:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:13 . 2010-05-26 03:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-16 16:43 . 2010-06-23 05:23 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-04-16 16:43 . 2010-06-23 05:23 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-04-16 16:43 . 2010-06-23 05:23 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-04-16 16:43 . 2010-06-23 05:23 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-02 835584]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2006-12-20 411768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-08 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-01-19 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-01-17 534648]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"GoBoingo"="c:\program files\Alltel\GoBoingo\AlltelWifi.exe" [2007-10-02 324912]
"sealmon.exe"="c:\program files\Oracle\Information Rights Management\Desktop\sealmon.exe" [2010-01-14 370992]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"CamWizard"="c:\program files\Common Files\Logitech\QCDRV\BIN\CamWizrd.exe" [2005-05-13 184320]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"ActivControl"="c:\program files\Activ Software\ActivDriver\ActivControl2.exe" [2009-10-22 1088800]
"EPSON_UD_START"="c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UD.exe" [2009-04-15 329632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-01 2065248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Microsoft Office OneNote 2003 Quick Launch.lnk - c:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2007-4-19 64864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Smashley^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Smashley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-02-13 14:30 405504 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 03:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):43,8e,da,8f,1b,3a,ca,01

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-08-28 908056]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys [2008-05-15 17664]
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSP;aswSP; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-01 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-01 242896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-08-28 297752]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-01 308064]
S2 EMP_UDSA;EMP_UDSA;c:\program files\EPSON Projector\EPSON USB Display V1.4\EMP_UDSA.exe [2009-04-16 98304]
S3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\DRIVERS\activhidsermini.sys [2009-05-05 55936]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\DRIVERS\activmouse.sys [2009-10-05 6144]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-30 16:02]

2010-07-05 c:\windows\Tasks\Norton Security Scan for Smashley.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.0.52\Nss.exe [2010-01-07 15:22]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {62E68F72-4893-476F-B1E9-D04FBA56E918} = 75.116.127.154 75.116.63.154
FF - ProfilePath - c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://weather.yahoo.com/forecast/USLA0319_f.html
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\FFExternalAlert.dll
FF - component: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\users\Smashley\AppData\Roaming\Mozilla\Firefox\Profiles\vtup31pg.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-07 01:21
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5752)
c:\programdata\ACTIV Software\ActivApplications\ActivFocusHook.dll
.
Completion time: 2010-07-07 01:33:17
ComboFix-quarantined-files.txt 2010-07-07 06:33
ComboFix2.txt 2010-07-06 07:05
ComboFix3.txt 2010-07-05 19:39
ComboFix4.txt 2010-07-02 20:56
ComboFix5.txt 2010-07-07 05:10

Pre-Run: 51,829,243,904 bytes free
Post-Run: 51,375,837,184 bytes free

- - End Of File - - B70AC415A41A0378961246890F31DCCA

Attached Files


Edited by SweetTech, 07 July 2010 - 01:04 PM.
expanded CF Log--ST

  • 0

#15
SweetTech

SweetTech

    Sir SpamAlot

  • Moderator
  • 7,671 posts
Download Bootkit Remover to your desktop.
Note: This is a rar file if you do not have a program to open it then download and install Peazip
  • Extract Remover.exe to your desktop
  • Right click Remover.exe and select Run as Administrator (Vista) or Double click Remover.exe to run it (XP) <--- remove the one you don't need
  • It will show a Black screen with some data on it
  • Right click on the screen and select > Select All
  • Press Control + C <--- This will copy the contents of the screen to your clipboard.
  • Go to Start > Run > Notepad.exe (followed by enter) and press Control + V to paste the contents of your clipboard into the notepad window.
  • Post the resultant log here please.

  • 0




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

featured