Combofix report


#1 sassynclassy25 (New Member, 2 posts)
ComboFix 10-09-25.03 - Ashley Scoggin 09/25/2010 16:57:40.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.782 [GMT -5:00]
Running from: c:\documents and settings\Ashley Scoggin\My Documents\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ashley Scoggin\Local Settings\Application Data\tnwtkkhkg
c:\documents and settings\Ashley Scoggin\Local Settings\Application Data\tnwtkkhkg\vtkjrqglanw.exe
c:\documents and settings\Ashley Scoggin\My Documents\DPE.DUS
C:\install.exe
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\spool\prtprocs\w32x86\CNMPD7Y.DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPP7Y.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USNJSVC
-------\Service_usnjsvc


((((((((((((((((((((((((( Files Created from 2010-08-25 to 2010-09-25 )))))))))))))))))))))))))))))))
.

2010-09-25 19:32 . 2010-09-25 19:32 -------- d-----w- c:\documents and settings\Ashley Scoggin\Application Data\SUPERAntiSpyware.com
2010-09-25 19:32 . 2010-09-25 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-24 02:32 . 2010-09-24 02:32 -------- dc----w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 12:55 . 2010-03-30 23:21 0 ----a-w- c:\documents and settings\Ashley Scoggin\Local Settings\Application Data\prvlcl.dat
2010-09-19 21:16 . 2007-09-13 22:25 -------- d-----w- c:\documents and settings\Ashley Scoggin\Application Data\LimeWire
2010-09-18 01:15 . 2010-08-06 23:12 -------- d-----w- c:\documents and settings\Ashley Scoggin\Application Data\BitLord
2010-09-12 19:01 . 2006-06-26 17:24 4987 ---ha-w- C:\hpothb07.dat
2010-09-12 17:18 . 2008-10-17 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-09-07 03:45 . 2007-11-02 04:33 -------- d-----w- c:\documents and settings\Ashley Scoggin\Application Data\gtk-2.0
2010-08-17 13:17 . 2006-02-16 20:59 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 01:01 . 2006-06-24 19:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-15 02:53 . 2010-08-15 02:48 19558 ----a-w- c:\windows\hpoins01.dat
2010-08-07 00:53 . 2010-08-07 00:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2010-08-06 23:13 . 2007-09-13 22:24 -------- d-----w- c:\program files\LimeWire
2010-08-06 23:12 . 2010-08-06 23:12 -------- d-----w- c:\documents and settings\Ashley Scoggin\Application Data\Python-Eggs
2010-08-06 23:11 . 2010-08-06 23:09 -------- d-----w- c:\program files\BitLord 1.2
2010-08-04 03:23 . 2010-08-04 03:21 -------- d-----w- c:\program files\iTunes
2010-08-04 03:23 . 2010-08-04 03:21 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-08-04 03:22 . 2010-08-04 03:22 -------- d-----w- c:\program files\iPod
2010-08-04 03:22 . 2008-09-24 04:53 -------- d-----w- c:\program files\Common Files\Apple
2010-08-04 03:16 . 2010-08-04 03:15 -------- d-----w- c:\program files\QuickTime
2010-08-04 03:10 . 2010-08-04 03:10 -------- d-----w- c:\program files\Bonjour
2010-08-04 03:01 . 2008-11-25 03:16 -------- d-----w- c:\program files\Safari
2010-07-29 12:50 . 2010-07-29 12:40 677 ---ha-w- c:\documents and settings\Ashley Scoggin\hpothb07.dat
2010-07-29 12:50 . 2010-07-29 12:49 164 ---ha-w- c:\documents and settings\All Users\hpothb07.dat
2010-07-22 15:49 . 2006-02-16 20:59 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-18 23:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-15 14:44 . 2010-02-22 06:43 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 14:44 . 2010-03-05 01:49 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 14:43 . 2008-09-12 03:13 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-30 12:31 . 2006-02-16 20:59 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 18:23 . 2006-11-14 01:56 2752 -c--a-w- c:\documents and settings\Ashley Scoggin\Application Data\wklnhst.dat
2008-03-11 23:43 . 2008-03-11 23:43 0 -c--a-w- c:\program files\temp01
2006-06-07 02:36 . 2006-06-07 02:36 251 -c--a-w- c:\program files\wt3d.ini
2006-10-12 22:58 . 2006-10-12 22:06 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2010-09-08 2735200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2010-09-08 02:56 2735200 ----a-w- c:\program files\TorrentMan\tbTor1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 15:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2010-09-08 2735200]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor1.dll" [2010-09-08 2735200]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RamBooster"="c:\program files\RamBooster 2.0\Rambooster.exe" [2010-03-15 561664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-28 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-28 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-28 118784]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-09 15691264]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 88203]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2004-05-01 65536]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-30 73728]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-01-14 30208]
"TPSMain"="TPSMain.exe" [2005-06-01 282624]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2005-12-14 53248]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"TDispVol"="TDispVol.exe" [2005-12-27 73728]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\update.exe" [2007-04-08 303104]
"SnoopFreeUI"="SnoopFreeUI.exe" [2008-02-10 221184]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-03-07 524632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\documents and settings\Ashley Scoggin\Start Menu\Programs\Startup\AutorunsDisabled
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-29 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-9 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2006-2-20 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 14:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-01-14 02:40 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDUiP6310DMon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitLord 1.2\\Bitlord files\\bitlord.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/28/2009 1:26 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/11/2008 10:13 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/22/2010 1:43 AM 243024]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/4/2010 8:49 PM 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/4/2010 8:49 PM 308136]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [1/13/2006 9:52 PM 13568]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [1/13/2006 9:52 PM 33024]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1029456]
R2 smihlp;SMI helper driver;c:\program files\Protector Suite QL\smihlp.sys [1/13/2006 9:24 PM 3456]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\ASHLEY~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\ASHLEY~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\ASHLEY~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\ASHLEY~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S3 AdWatchDrv;AW Realtime Driver;\??\c:\windows\system32\drivers\AWRTPD.sys --> c:\windows\system32\drivers\AWRTPD.sys [?]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [3/23/2010 6:58 AM 430152]
S3 gttap1;GoTrusted TAP Adapter;c:\windows\system32\DRIVERS\gttap1.sys --> c:\windows\system32\DRIVERS\gttap1.sys [?]
S3 w600bus;Sony Ericsson W600 driver (WDM);c:\windows\system32\drivers\w600bus.sys [6/6/2006 9:55 PM 60928]
S3 w600mdfl;Sony Ericsson W600 USB WMC Modem Filter;c:\windows\system32\drivers\w600mdfl.sys [6/6/2006 9:56 PM 8336]
S3 w600mdm;Sony Ericsson W600 USB WMC Modem Drivers;c:\windows\system32\drivers\w600mdm.sys [6/6/2006 9:56 PM 96672]
S3 w600mgmt;Sony Ericsson W600 USB WMC Device Management Drivers;c:\windows\system32\drivers\w600mgmt.sys [6/6/2006 9:57 PM 88080]
S3 w600obex;Sony Ericsson W600 USB WMC OBEX Interface Drivers;c:\windows\system32\drivers\w600obex.sys [6/6/2006 9:57 PM 85952]
.
Contents of the 'Scheduled Tasks' folder

2010-09-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:26]

2010-09-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-09-08 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4281840833.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]

2006-06-06 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-16 00:12]
.
.
------- Supplementary Scan -------
.
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:27811
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{5CFA5B80-01F4-420F-B18B-545712C8A1C8} - http://www.playsushi...l=1&t=nBlaPR02i
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} - file:///D:/win/setup/iamce.dll
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller.cab
FF - ProfilePath - c:\documents and settings\Ashley Scoggin\Application Data\Mozilla\Firefox\Profiles\auom4w2l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=Qq1jl_tFAHrxlgG90yvZkQ&psa=&ind=2010081017&ptnrS=ZJfox000&si=&st=kwd&n=77cf66f9&searchfor=
FF - plugin: c:\documents and settings\Ashley Scoggin\Application Data\Mozilla\Firefox\Profiles\auom4w2l.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Common Files\Motive\npMotive.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-stvpcocp - c:\documents and settings\Ashley Scoggin\Local Settings\Application Data\tnwtkkhkg\vtkjrqglanw.exe
HKLM-Run-ATT-SST_McciTrayApp - c:\program files\ATT-SST\McciTrayApp.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-25 17:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-527615031-804054440-3877981695-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{070FCBB4-D56A-332F-DA65-3187529B9136}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbomkkjblmdhjpeffnddffoadeohjlcplfnahlbo"=hex:6a,61,68,62,63,6b,6b,61,67,6e,
62,70,6f,69,63,64,64,64,61,70,00,16
"cbenenkppjmhigkngfipiebjpnamcngiafplmh"=hex:6a,61,68,62,63,6b,6b,61,67,6e,62,
70,6f,69,63,64,64,64,61,70,00,16
"abkpccafocidnahefbgnhpnjenjmadplfb"=hex:61,61,00,00
"majpdcmhjpclpkjkphlpgkifpf"=hex:61,61,00,00
"iaomkkjblmdhjpeffn"=hex:61,61,00,00
"haenenkppjmhigkn"=hex:61,61,00,00
"iakpcplfonmfiphegd"=hex:61,61,00,00

[HKEY_USERS\S-1-5-21-527615031-804054440-3877981695-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A0A88A41-3862-ED8F-EBF8-1E2E529356EA}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"dbmdpjdkklknpapamcokijaoodlifdhhgapjlokg"=hex:6a,61,62,6e,69,64,62,66,63,67,
6c,6d,67,70,62,6a,6f,6a,69,65,00,00
"cbgdfikdbfcbkdaifkllokeaadiejghjabgkkm"=hex:6a,61,62,6e,69,64,62,66,63,67,6c,
6d,67,70,62,6a,6f,6a,69,65,00,00
"iamdpjdkklknpapamc"=hex:61,61,00,00
"hagdfikdbfcbkdai"=hex:61,61,00,00
"iaadignolajoadhjkd"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\¬ t*¨*]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(916)
c:\windows\system32\vrlogon.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\crypto.dll
c:\program files\Protector Suite QL\biokmd.dll
c:\program files\Protector Suite QL\mysafe.dll

- - - - - - - > 'lsass.exe'(972)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus2.dll

- - - - - - - > 'explorer.exe'(1624)
c:\windows\system32\WININET.dll
c:\windows\system32\TDispVol.dll
c:\windows\SnoopFreeDll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\System32\SnoopFreeSvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\TDispVol.exe
c:\windows\SnoopFreeUI.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Apoint2K\Apntex.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-09-25 17:19:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-25 22:19

Pre-Run: 25,254,809,600 bytes free
Post-Run: 25,657,786,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 13CCE68EFF90C9AC4B2E6EEE026DC059


#2 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,050 posts)
Hello sassynclassy25,

Firstly, it means that either you haven't read our self-help section or, if you have read it, you haven't bothered to follow the instructions there.

Secondly, it means you are lucky that using ComboFix without first posting the logs we ask for worked without damaging your machine.

Thirdly, it means that your computer is infected.

Now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

REGNULL:: 
[HKEY_USERS\S-1-5-21-527615031-804054440-3877981695-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{070FCBB4-D56A-332F-DA65-3187529B9136}*]
[HKEY_USERS\S-1-5-21-527615031-804054440-3877981695-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{070FCBB4-D56A-332F-DA65-3187529B9136}*]

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.

Next

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

    o When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    o Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post back here.
Note: Unless otherwise instructed, always post the logs in the forum. If the reports don't fit in one post, it might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :D

So when you return please post
  • ComboFix.txt
  • OTL logs - OTL.txt and Extras.txt

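As an added example (not code from this thread or from ComboFix), the Python below parses the LOCKED REGISTRY KEYS section that the REGNULL:: script above targets: it reassembles the wrapped hex: values, decodes each value type, and flags the Shell Extensions\Approved keys that hold nothing but opaque binary data. The sample text is copied from the log in post #1 (shortened); the flagging heuristic is an assumption made here, not a ComboFix rule.

```python
"""Parse the 'LOCKED REGISTRY KEYS' section of a ComboFix log (added example)."""
import re

# Constructed sample: lines copied from the ComboFix log posted above, shortened.
SAMPLE = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-527615031-804054440-3877981695-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{070FCBB4-D56A-332F-DA65-3187529B9136}*]
@Allowed: (Read) (RestrictedCode)
"dbomkkjblmdhjpeffnddffoadeohjlcplfnahlbo"=hex:6a,61,68,62,63,6b,6b,61,67,6e,
62,70,6f,69,63,64,64,64,61,70,00,16
"abkpccafocidnahefbgnhpnjenjmadplfb"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------
"""

BANNER_RE = re.compile(r"^-+ LOCKED REGISTRY KEYS -+$")
KEY_RE = re.compile(r"^\[(.+)\]$")
ACL_RE = re.compile(r"^@(Allowed|Denied): (.*)$")
VAL_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def _section_lines(log):
    """Yield the lines between the LOCKED REGISTRY KEYS banner and the next banner."""
    inside = False
    for line in log.splitlines():
        if BANNER_RE.match(line.strip()):
            inside = True
            continue
        if inside:
            # ComboFix ends a section with a lone '.' followed by the next banner
            if line.startswith("-----") or line.strip() == ".":
                break
            yield line


def _decode_value(raw):
    """Turn the .reg-style right-hand side into (type, python value)."""
    if raw.startswith("hex:"):
        return ("REG_BINARY", bytes(int(b, 16) for b in raw[4:].split(",") if b))
    if raw.startswith("dword:"):
        return ("REG_DWORD", int(raw[6:], 16))
    if raw.startswith('"') and raw.endswith('"'):
        # .reg escaping: \" -> " and \\ -> \
        return ("REG_SZ", raw[1:-1].replace('\\"', '"').replace("\\\\", "\\"))
    return ("UNKNOWN", raw)


def parse_locked_keys(log):
    """Return {key_path: {"acl": [(Allowed|Denied, detail)], "values": {name: (type, data)}}}."""
    keys, current = {}, None
    lines = list(_section_lines(log))
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {"acl": [], "values": {}})
            continue
        if current is None:
            continue
        m = ACL_RE.match(line)
        if m:
            current["acl"].append((m.group(1), m.group(2)))
            continue
        m = VAL_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2)
        name = "(Default)" if name == "@" else name[1:-1]
        # hex: data wraps across lines; a trailing comma means the next line continues it
        while raw.endswith(",") and i < len(lines):
            raw += lines[i].strip()
            i += 1
        current["values"][name] = _decode_value(raw)
    return keys


def printable_prefix(data):
    """ASCII text before the first NUL byte, or '' if the blob is not text-like."""
    text = data.split(b"\x00", 1)[0]
    return text.decode("ascii") if text.isascii() and text.isalnum() else ""


def triage(keys):
    """Assumed heuristic: flag locked Shell Extensions\Approved keys whose
    values are all opaque REG_BINARY blobs (the keys the helper's REGNULL:: hits);
    the FlashBroker COM keys carry readable REG_SZ/REG_DWORD data and are left alone."""
    flagged = []
    for path, entry in keys.items():
        in_approved = "\\Shell Extensions\\Approved\\" in path
        all_binary = bool(entry["values"]) and all(
            t == "REG_BINARY" for t, _ in entry["values"].values())
        if in_approved and all_binary:
            flagged.append(path)
    return flagged


if __name__ == "__main__":
    parsed = parse_locked_keys(SAMPLE)
    for path in triage(parsed):
        print("flagged:", path)
        for name, (_, data) in parsed[path]["values"].items():
            print("   ", name, "->", data.hex(), repr(printable_prefix(data)))
```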

#3 sassynclassy25 (Topic Starter, New Member, 2 posts)
I used another website's instructions on removing the virus. They suggested this website for interpretation of the combofix log.

I ran combofix again; however, they did not give me a log for this run.

The OTL logs are as follows:

OTL Extras logfile created on: 9/26/2010 2:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Ashley Scoggin\Desktop\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 488.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 24.20 Gb Free Space | 26.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASHLEY
Current User Name: Ashley Scoggin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Value error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe" = C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe:*:Disabled:ConfigFree SUMMIT Engine -- (TOSHIBA CORPORATION)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\BitLord\BitLord.exe" = C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord -- (www.BitLord.com)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\BitLord 1.2\Bitlord files\bitlord.exe" = C:\Program Files\BitLord 1.2\Bitlord files\bitlord.exe:*:Enabled:BitLord -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 20
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = WCreator2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}" = Disc2Phone
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"{7ABBE005-0263-4342-9C12-50E34383A49E}" = Circuit City Advantage Protection Plan
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries
"{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ADE3CACC-EC31-480C-83A0-587EE60CE8DF}" = RamBooster
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDBFC424-DD00-497F-9BDC-4E4178332336}" = Protector Suite 5.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EAFEF30E-3789-49C7-A6D9-77C12E005BAC}" = Safari
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE28E1DC-A319-4DFE-B8ED-BEE329D377A4}" = Sony Ericsson PC Suite 1.10.21
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.5 SP2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AVG9Uninstall" = AVG Free 9.0
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"BitLord" = BitLord 1.2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Easy DVD Clone" = Easy DVD Clone
"Fn-esse" = TOSHIBA Fn-esse
"getPlus®_dll" = getPlus®_dll
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{02EED746-8C5A-43C8-BB3D-D29C8B363A4D}" = TOSHIBA Zooming Utility
"InstallShield_{3A57482F-BEBC-47E4-ADA1-6302403C7E50}" = TOSHIBA Accessibility
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCA8D15-BCB6-421E-9654-238B43456A4F}" = TOSHIBA Controls
"InstallShield_{7900D3A6-A9E8-4954-ACCB-AB15867978BF}" = TOSHIBA Hotkey Utility
"InstallShield_{80977342-27E8-4FF7-8B6A-D8D89461DA7F}" = TouchPad On/Off Utility
"InstallShield_{A38D57D1-5F29-4691-B3DD-FE4B3A7B3AFE}" = TOSHIBA Power Saver
"InstallShield_{DB5F474C-B584-417F-810B-DEBBC1893C2A}" = TBS WMP Plug-in
"InterActual Player" = InterActual Player
"LimeWire" = LimeWire 5.5.13
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2008b" = Microsoft Money Plus
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"SnoopFreePrivacyShield" = SnoopFree Privacy Shield
"TorrentMan Toolbar" = TorrentMan Toolbar
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TweakMP9" = Windows Media Player 9 Series TweakMP PowerToy
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"WinGimp-2.0_is1" = GIMP 2.4.0
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 2.7
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 4 Free 4.73
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/14/2010 1:20:09 PM | Computer Name = ASHLEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/14/2010 1:20:09 PM | Computer Name = ASHLEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17235

Error - 8/14/2010 1:20:09 PM | Computer Name = ASHLEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17235

Error - 8/14/2010 1:20:11 PM | Computer Name = ASHLEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/14/2010 1:20:11 PM | Computer Name = ASHLEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19188

Error - 8/14/2010 1:20:11 PM | Computer Name = ASHLEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19188

Error - 8/14/2010 1:20:13 PM | Computer Name = ASHLEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/14/2010 1:20:13 PM | Computer Name = ASHLEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 21141

Error - 8/14/2010 1:20:13 PM | Computer Name = ASHLEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 21141

Error - 8/14/2010 1:20:15 PM | Computer Name = ASHLEY | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

[ System Events ]
Error - 9/13/2010 10:24:12 AM | Computer Name = ASHLEY | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 9/13/2010 11:12:59 AM | Computer Name = ASHLEY | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 9/13/2010 12:03:30 PM | Computer Name = ASHLEY | Source = Print | ID = 23
Description = Printer Lexmark 1200 Series,0 failed to initialize because a suitable
Lexmark 1200 Series driver could not be found.

Error - 9/13/2010 12:37:40 PM | Computer Name = ASHLEY | Source = Print | ID = 23
Description = Printer Lexmark 1200 Series,0 failed to initialize because a suitable
Lexmark 1200 Series driver could not be found.

Error - 9/14/2010 2:41:57 PM | Computer Name = ASHLEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/14/2010 2:41:57 PM | Computer Name = ASHLEY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.

Error - 9/14/2010 2:42:56 PM | Computer Name = ASHLEY | Source = Print | ID = 23
Description = Printer Lexmark 1200 Series,0 failed to initialize because a suitable
Lexmark 1200 Series driver could not be found.

Error - 9/14/2010 4:06:24 PM | Computer Name = ASHLEY | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 9/14/2010 11:43:19 PM | Computer Name = ASHLEY | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 9/15/2010 12:45:34 PM | Computer Name = ASHLEY | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.


< End of report >


OTL logfile created on: 9/26/2010 2:07:24 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Ashley Scoggin\Desktop\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 488.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 92.97 Gb Total Space | 24.20 Gb Free Space | 26.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASHLEY
Current User Name: Ashley Scoggin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/26 14:05:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ashley Scoggin\Desktop\Downloads\OTL.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/15 08:42:36 | 000,561,664 | ---- | M] (J.Pajula) -- C:\Program Files\RamBooster 2.0\Rambooster.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/10 12:12:16 | 000,221,184 | ---- | M] (SnoopFree Software) -- C:\WINDOWS\SnoopFreeUI.exe
PRC - [2008/02/10 12:12:16 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\SnoopFreeSvc.exe
PRC - [2006/11/13 14:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 14:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2006/01/13 21:31:26 | 000,046,592 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2005/12/27 16:22:42 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TDispVol.exe
PRC - [2005/12/13 19:28:56 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
PRC - [2005/12/05 14:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/11/30 15:25:22 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2005/11/28 13:41:50 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/11/28 13:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/10/06 08:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2004/08/28 03:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe


========== Modules (SafeList) ==========

MOD - [2010/09/26 14:05:09 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ashley Scoggin\Desktop\Downloads\OTL.exe
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/02/10 12:12:16 | 000,045,056 | ---- | M] () -- C:\WINDOWS\SnoopFreeDll.dll
MOD - [2002/03/03 07:40:00 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\TDispVol.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2010/07/20 22:04:37 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 09:44:11 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/03/07 14:26:35 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/10 12:12:16 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\SnoopFreeSvc.exe -- (SnoopFreeSvc)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2005/11/28 13:31:32 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/11/28 13:29:00 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/11/28 13:28:14 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/07/12 20:14:42 | 000,040,960 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2005/01/17 19:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/08/28 03:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2003/03/09 21:31:02 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\ASHLEY~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS -- (SASKUTIL)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\ASHLEY~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\gttap1.sys -- (gttap1)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\AWRTPD.sys -- (AdWatchDrv)
DRV - [2010/07/15 09:44:19 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:43:13 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/13 23:41:01 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/22 01:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/22 01:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/06/28 13:25:14 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/10 12:12:16 | 000,009,472 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\SnopFree.sys -- (SnoopFree)
DRV - [2006/01/13 21:52:36 | 000,013,568 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/01/13 21:52:22 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/01/13 21:35:06 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2006/01/13 21:24:44 | 000,003,456 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Protector Suite QL\smihlp.sys -- (smihlp)
DRV - [2005/12/09 19:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/12/05 04:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 13:55:24 | 000,011,264 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005/11/30 14:01:02 | 000,043,392 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005/11/30 13:12:36 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 14:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/15 12:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/10/06 08:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 08:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 08:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 08:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 08:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 08:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 08:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/14 21:24:08 | 000,179,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2005/09/12 06:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/08/25 15:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 15:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 18:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/08/15 09:05:59 | 000,060,928 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w600bus.sys -- (w600bus) Sony Ericsson W600 driver (WDM)
DRV - [2005/08/15 09:05:54 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w600mdfl.sys -- (w600mdfl)
DRV - [2005/08/15 09:05:52 | 000,096,672 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w600mdm.sys -- (w600mdm)
DRV - [2005/08/15 09:05:48 | 000,088,080 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w600mgmt.sys -- (w600mgmt)
DRV - [2005/08/15 09:05:46 | 000,085,952 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w600obex.sys -- (w600obex)
DRV - [2005/08/12 08:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/06/02 06:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2004/11/15 19:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 15:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:27811

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/?ilc=1"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.mywebs...6f9&searchfor="
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: ":0"

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 18:28:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2010/03/23 06:58:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 19:31:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 16:30:26 | 000,000,000 | ---D | M]

[2009/03/25 21:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ashley Scoggin\Application Data\Mozilla\Extensions
[2009/03/25 21:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ashley Scoggin\Application Data\Mozilla\Extensions\[email protected]
[2010/09/25 20:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ashley Scoggin\Application Data\Mozilla\Firefox\Profiles\auom4w2l.default\extensions
[2010/07/12 11:42:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ashley Scoggin\Application Data\Mozilla\Firefox\Profiles\auom4w2l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/08/10 11:38:14 | 000,000,000 | ---D | M] (ToolbarMS (The MySpace Toolbar)) -- C:\Documents and Settings\Ashley Scoggin\Application Data\Mozilla\Firefox\Profiles\auom4w2l.default\extensions\{4bd2f96f-1db8-41cb-8062-07abff2dc07e}
[2008/10/16 23:02:19 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Ashley Scoggin\Application Data\Mozilla\Firefox\Profiles\auom4w2l.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/01/09 01:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ashley Scoggin\Application Data\Mozilla\Firefox\Profiles\auom4w2l.default\extensions\[email protected]
[2008/12/12 13:23:54 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\Ashley Scoggin\Application Data\Mozilla\Firefox\Profiles\auom4w2l.default\searchplugins\MySpace.xml
[2010/08/10 17:30:41 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Ashley Scoggin\Application Data\Mozilla\Firefox\Profiles\auom4w2l.default\searchplugins\mywebsearch.xml
[2010/09/25 20:22:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/12 19:31:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/09/21 17:15:18 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/03/05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2008/02/08 19:29:47 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/09/26 13:49:45 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Bitlord Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe (MediaCodec.Org)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SnoopFreeUI] C:\WINDOWS\SnoopFreeUI.exe (SnoopFree Software)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TDispVol] C:\WINDOWS\System32\TDispVol.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe (J.Pajula)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Ashley Scoggin\Start Menu\Programs\Startup\AutorunsDisabled [2007/10/28 03:51:49 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - File not found
O9 - Extra Button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - File not found
O9 - Extra Button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - File not found
O9 - Extra Button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: //@[email protected]/ ([]money in Local intranet)
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} file:///D:/win/setup/iaieplay.dll (IEPlayInterface Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8B67B37E-1AE2-4B99-B8CF-55AF4D58DF0D} file:///D:/win/setup/iamce.dll (IAMCE Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh...aploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...etInstaller.cab (WebBrowserType Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\psfus: DllName - psqlpwd.dll - C:\WINDOWS\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Ashley Scoggin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ashley Scoggin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/26 13:43:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ashley Scoggin\Recent
[2010/09/26 13:43:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/09/26 13:18:34 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Ashley Scoggin\My Documents\My Safe
[2010/09/25 17:33:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ashley Scoggin\Application Data\Malwarebytes
[2010/09/25 17:32:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/25 17:32:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/25 17:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/25 17:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/25 16:55:45 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/25 16:48:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/25 16:48:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/25 16:48:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/25 16:48:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/25 16:48:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/25 16:46:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/25 14:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ashley Scoggin\Application Data\SUPERAntiSpyware.com
[2010/09/25 14:32:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/09/23 21:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/23 18:43:12 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/09/06 22:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ashley Scoggin\My Documents\Pictures
[2006/09/14 17:01:22 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ashley Scoggin\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/09/26 13:50:50 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/26 13:49:45 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/26 13:49:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/26 13:45:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/26 13:45:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/26 13:45:28 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/26 13:44:24 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\Ashley Scoggin\NTUSER.DAT
[2010/09/26 13:43:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ashley Scoggin\ntuser.ini
[2010/09/26 13:33:00 | 003,854,198 | R--- | M] () -- C:\Documents and Settings\Ashley Scoggin\My Documents\ComboFix.exe
[2010/09/26 13:25:38 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/26 13:19:07 | 000,000,671 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/26 13:19:07 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2010/09/26 12:55:45 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ashley Scoggin\Local Settings\Application Data\prvlcl.dat
[2010/09/26 12:41:35 | 065,291,793 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/09/25 20:46:57 | 000,000,889 | ---- | M] () -- C:\Documents and Settings\Ashley Scoggin\.recently-used.xbel
[2010/09/25 17:32:54 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/25 14:32:34 | 011,329,872 | ---- | M] () -- C:\Documents and Settings\Ashley Scoggin\My Documents\SAS_469F33.COM
[2010/09/22 20:08:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/22 15:17:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/22 13:32:56 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/09/13 12:05:01 | 000,001,126 | -H-- | M] () -- C:\Documents and Settings\Ashley Scoggin\My Documents\hpothb07.dat
[2010/09/12 14:02:23 | 000,023,849 | -H-- | M] () -- C:\Documents and Settings\Ashley Scoggin\My Documents\hpothb07.tif
[2010/09/12 14:01:51 | 000,031,253 | -H-- | M] () -- C:\hpothb07.tif
[2010/09/12 14:01:51 | 000,004,987 | -H-- | M] () -- C:\hpothb07.dat
[2010/09/07 22:18:13 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml
[2010/09/07 22:18:10 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1281840833.job

========== Files Created - No Company Name ==========

[2010/09/25 20:46:57 | 000,000,889 | ---- | C] () -- C:\Documents and Settings\Ashley Scoggin\.recently-used.xbel
[2010/09/25 17:32:54 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/25 17:03:32 | 1063,374,848 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/25 16:55:50 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2010/09/25 16:55:48 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/25 16:48:49 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/25 16:48:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/25 16:48:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/25 16:48:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/25 16:48:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/25 16:45:44 | 003,854,198 | R--- | C] () -- C:\Documents and Settings\Ashley Scoggin\My Documents\ComboFix.exe
[2010/09/25 14:32:34 | 011,329,872 | ---- | C] () -- C:\Documents and Settings\Ashley Scoggin\My Documents\SAS_469F33.COM
[2010/08/06 18:12:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ashley Scoggin\Application Data\bitlord_log.txt
[2010/05/24 18:58:02 | 000,000,061 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2010/03/30 18:21:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ashley Scoggin\Local Settings\Application Data\prvlcl.dat
[2008/04/03 07:13:33 | 000,000,100 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/04/03 07:13:31 | 000,000,076 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/03/11 18:43:46 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/02/24 13:13:40 | 000,000,022 | ---- | C] () -- C:\WINDOWS\iexplore.ini
[2008/02/10 12:12:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\SnoopFreeDll.dll
[2008/02/10 12:12:16 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\SnopFree.sys
[2007/12/23 22:21:18 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Ashley Scoggin\Application Data\$_hpcst$.hpc
[2007/07/16 17:13:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2007/04/19 19:46:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/11/13 20:56:59 | 000,002,752 | ---- | C] () -- C:\Documents and Settings\Ashley Scoggin\Application Data\wklnhst.dat
[2006/10/12 18:17:02 | 000,000,058 | ---- | C] () -- C:\WINDOWS\Progs_.ini
[2006/10/12 17:27:46 | 000,000,150 | ---- | C] () -- C:\WINDOWS\TalkingTimeKeeper.INI
[2006/10/12 17:26:59 | 000,002,753 | ---- | C] () -- C:\WINDOWS\SaintPaint.INI
[2006/10/12 17:06:02 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/14 17:21:39 | 000,000,131 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2006/09/14 17:01:23 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Ashley Scoggin\Application Data\pcouffin.log
[2006/09/14 17:01:22 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Ashley Scoggin\Application Data\ezpinst.exe
[2006/09/14 17:01:22 | 000,007,176 | ---- | C] () -- C:\Documents and Settings\Ashley Scoggin\Application Data\pcouffin.cat
[2006/09/14 17:01:22 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ashley Scoggin\Application Data\pcouffin.inf
[2006/08/29 13:17:21 | 000,000,271 | ---- | C] () -- C:\WINDOWS\phedit.ini
[2006/08/14 17:20:14 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2006/07/22 22:47:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PestPatrol5.INI
[2006/07/10 16:55:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2006/07/10 07:37:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/06/18 03:22:56 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Ashley Scoggin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 00:14:04 | 000,001,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/16 03:45:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/08 23:59:47 | 000,000,198 | ---- | C] () -- C:\Documents and Settings\Ashley Scoggin\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/06/06 21:36:38 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2006/06/06 18:16:02 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Ashley Scoggin\Local Settings\Application Data\fusioncache.dat
[2006/02/28 16:53:45 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/20 17:17:12 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/02/20 17:17:12 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/02/20 17:17:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/02/20 17:17:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/02/20 17:17:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/02/20 17:17:12 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/02/20 17:14:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\TDispVol.dll
[2006/02/20 17:00:21 | 000,000,224 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/02/20 16:31:18 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/02/20 16:31:18 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/02/20 16:27:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/02/20 16:27:06 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2006/02/20 16:23:18 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/02/20 16:23:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/02/20 16:23:18 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/02/20 16:23:18 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/02/20 16:15:11 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/16 17:45:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/16 16:05:43 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/01/04 13:59:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005/12/09 17:36:30 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005/11/28 23:33:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/23 16:55:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005/11/23 16:41:28 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005/09/15 17:04:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2005/08/24 18:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 17:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/13 20:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/03/09 21:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/26 13:45:26 | 000,039,120 | ---- | M] () -- C:\aaw7boot.log
[2006/09/11 17:04:14 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2006/09/04 19:10:09 | 000,000,040 | ---- | M] () -- C:\Auth.prof
[2009/06/24 19:41:10 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/09/26 13:19:07 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2006/07/22 21:44:07 | 000,007,760 | ---- | M] () -- C:\caavsetup.log
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/09/26 13:58:37 | 000,025,397 | ---- | M] () -- C:\ComboFix.txt
[2006/08/29 00:12:23 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2010/05/24 22:16:53 | 000,044,125 | ---- | M] () -- C:\fcf.jpg
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010/09/26 13:45:28 | 1063,374,848 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/07 22:18:13 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml
[2010/09/07 22:18:56 | 000,259,247 | ---- | M] () -- C:\hpfr3425.log
[2010/09/12 14:01:51 | 000,004,987 | -H-- | M] () -- C:\hpothb07.dat
[2010/09/12 14:01:51 | 000,031,253 | -H-- | M] () -- C:\hpothb07.tif
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006/02/16 17:39:23 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/02/20 17:10:14 | 000,001,223 | -H-- | M] () -- C:\IPH.PH
[2010/05/02 14:18:12 | 000,000,021 | ---- | M] () -- C:\log-other.txt
[2006/02/16 17:39:23 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/06/15 08:59:59 | 000,001,041 | ---- | M] () -- C:\net_save.dna
[2004/08/10 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/07/30 20:02:52 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/26 13:45:26 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2007/11/25 15:09:45 | 000,102,486 | ---- | M] () -- C:\playground.log
[2008/04/03 07:16:31 | 000,000,168 | ---- | M] () -- C:\setupfax.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2009/02/08 22:48:12 | 000,022,338 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/02/16 09:28:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/02/16 09:28:35 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/02/16 09:28:35 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoRebootWithLoggedOnUsers" = 0

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-22 20:17:49

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A0829E0
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hello sassynclassy25,

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\URLSearchHook: {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
    FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=Qq1jl_tFAHrxlgG90yvZkQ&psa=&ind=2010081017&ptnrS=ZJfox000&si=&st=kwd&n=77cf66f9&searchfor="
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/23 18:28:32 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2010/03/23 06:58:40 | 000,000,000 | ---D | M]
    [2010/08/10 17:30:41 | 000,010,017 | ---- | M] () -- C:\Documents and Settings\Ashley Scoggin\Application Data\Mozilla\Firefox\Profiles\auom4w2l.default\searchplugins\mywebsearch.xml
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Bitlord Toolbar) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Bitlord Toolbar) - {7C5C0F58-E061-457D-9033-77307F5ED00C} - C:\Program Files\TorrentMan\tbTor1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O9 - Extra Button: Go PlaySushi! - {5CFA5B80-01F4-420F-B18B-545712C8A1C8} - File not found
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B99FE60
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4A0829E0
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Commands
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
After that

Please delete your version of ComboFix, including the folders C:\Qoobox and C:\Combofix, and download a new version of Combofix.

Download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

When you return please post
  • OTL fix log
  • ComboFix.txt
