
Invasion of the Trojans

Discussion in 'Virus & Other Malware Removal' started by Yellowstone, Jun 26, 2010.

  1. Yellowstone

    Yellowstone Thread Starter

    Joined:
    Jun 26, 2010
    Messages:
    21
    Hi,

    As with others here, my computer is under attack. For the past few days I have been unable to access the Internet. I would receive the message that Yahoo and Firefox have crashed.

    I use AVG as my security and have run several whole computer scans. AVG vaulted one trojan -- Trojan Horse Generic 18.ISP. I restarted my computer. Last night I started the computer in safe mode and discovered 2 more of those little trojan demons. :mad: AVG vaulted them and I am able to access the Internet. However, when I try to do a search on Yahoo or Firefox I am redirected to some random site.

    Here is my HiJackThis info.

    Thank you

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:09:46 PM, on 6/26/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Free Ride Games\GPlayer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgfws9.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\AVG\AVG9\avgam.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\PokerStars.NET\PokerStars.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\AVG\AVG9\avgscanx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\wuauclt.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    R3 - URLSearchHook: (no name) - *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: Free Ride Games Toolbar - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\tbFre1.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Video Download Toolbar Helper - {83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0} - C:\Program Files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Video Download Toolbar IE Browser Helper Object - {B29002A0-87A1-4DC4-AC55-5982034EB61E} - C:\PROGRA~1\VIDEOD~1\V330~1.3\RESOUR~1\VIDEOD~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: Free Ride Games Toolbar - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\tbFre1.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O3 - Toolbar: Free Ride Games Toolbar - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\tbFre1.dll
    O3 - Toolbar: Video Download Toolbar - {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - C:\Program Files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Documents and Settings\Weekley\Application Data\Adobe\Update\flacor.dat""
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe
    O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1191343798890
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
    O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    --
    End of file - 12241 bytes
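As an added example, not code from this thread, from HijackThis or from any of the tools named in it: a small Python triage script that parses the O4 (registry Run) lines of a HijackThis log like the one above and flags the entries a malware specialist would want to look at first. The heuristics it applies (a command that starts from a user-writable profile or temp path, `rundll32.exe`/`regsvr32.exe` being asked to load a file that is not a `.dll`, an autorun registered under a service-account SID) are this example's own assumptions, not HijackThis rules, and the embedded sample lines are a constructed subset copied from the log above plus one Global Startup line the parser must skip.

```python
import os
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the O4 lines from the HijackThis log above,
# plus one non-registry O4 line (Global Startup) that the parser must skip.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Getdo] rundll32.exe "C:\Documents and Settings\Weekley\Application Data\Adobe\Update\flacor.dat""
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
"""

# Shape of a registry O4 line:
#   O4 - <hive>\..\Run: [<name>] <command> [(User '<account>')]
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)

# Triage heuristics (assumptions of this example, not HijackThis rules).
USER_WRITABLE = ("documents and settings", "application data", "%appdata%",
                 "%userprofile%", "%temp%")
LOADERS = ("rundll32.exe", "regsvr32.exe")          # expected to load DLLs
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")  # SYSTEM, LOCAL/NETWORK SERVICE


@dataclass
class Entry:
    hive: str
    key: str
    name: str
    cmd: str
    user: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_o4(line: str) -> Optional[Entry]:
    """Parse one registry O4 line; returns None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["hive"], m["key"], m["name"], m["cmd"], m["user"])


def first_token(cmd: str) -> str:
    """Lower-cased file name of the command's first token (quotes and path dropped).
    Deliberately simple: a quoted path with spaces yields a fragment, which is
    harmless because only bare loader names are matched against LOADERS."""
    stripped = cmd.strip().strip('"')
    if not stripped:
        return ""
    return os.path.basename(stripped.split()[0].replace("\\", "/")).lower()


def loaded_file(cmd: str) -> str:
    """For rundll32/regsvr32 commands: the file the loader is asked to load
    (first argument, unquoted, without any ',EntryPoint' suffix)."""
    parts = cmd.strip().split(None, 1)
    if len(parts) < 2:
        return ""
    return parts[1].strip().strip('"').split(",", 1)[0]


def assess(entry: Entry) -> Entry:
    """Attach a human-readable reason for every heuristic the entry trips."""
    cmd_l = entry.cmd.lower()
    if any(marker in cmd_l for marker in USER_WRITABLE):
        entry.flags.append("starts from a user-writable profile or temp location")
    loader = first_token(entry.cmd)
    if loader in LOADERS:
        target = loaded_file(entry.cmd)
        if not target.lower().endswith(".dll"):
            entry.flags.append(f"{loader} asked to load a non-DLL file: {target}")
    if any(sid in entry.hive for sid in SERVICE_SIDS):
        entry.flags.append(f"autorun registered for a service account ({entry.user})")
    return entry


def triage(log_text: str) -> List[Entry]:
    """All registry O4 entries of the log, each assessed."""
    return [assess(e) for e in map(parse_o4, log_text.splitlines()) if e is not None]


def suspicious(log_text: str) -> List[Entry]:
    """Only the entries that tripped at least one heuristic."""
    return [e for e in triage(log_text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"[{e.name}] {e.hive}\\..\\{e.key}: {e.cmd}")
        for reason in e.flags:
            print("    -", reason)
```

On the sample, the `Getdo` entry is reported with two reasons (it starts under `Application Data`, and `rundll32.exe` is told to load a `.dat` rather than a DLL), which is the kind of autorun worth asking about in a thread like this. A flag is a reason to look, not a verdict: the Exetender autorun under the SYSTEM SID also surfaces, and the helper's own notes on the log decide what, if anything, is removed.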
     
  2. RPMcMurphy

    RPMcMurphy Malware Specialist

    Joined:
    Apr 26, 2010
    Messages:
    444
    Hello Yellowstone and welcome to Tech Support Guy. I’ll be happy to look over your log and help you with your issues. It will be very helpful if you follow these guidelines:

    • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
    • Please do not run any scans or install/uninstall any applications without being directed to do so.
    • Please follow my instructions carefully and in the order they are posted.
    • Any underlined text in my posts indicates a clickable link.
    • You should print any instructions I give you for ease of use and reference.
    • If you have any questions at all, please stop and ask before proceeding.
    • I remove threads from my subscription list after 5 days of inactivity. If you will not be able to respond to a post within 5 days, please let me know in advance.

    Download OTL to your desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Under the Custom Scan box paste this in:
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\System32\config\*.sav
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

    Download GMER Rootkit Scanner from here to your desktop.

    • Double click the exe file. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run a scan... click on NO.

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


    If you have trouble running GMER:

    • Make sure that your security software is disabled
    • Uncheck the box next to "Files" this time also
    • If you still can't run it, try in the Safe Mode

    Please include the following in your next post:

    • OTL and OTL Extras logs
    • GMER log
     
  3. Yellowstone

    Yellowstone Thread Starter

    Joined:
    Jun 26, 2010
    Messages:
    21
    I downloaded and ran OTL; then, downloaded and tried to run gmer. The OTL files are posted below. However, I have tried running gmer in every mode except the one where I am hanging from the ceiling upside down playing a harmonica. When I try running this the computer either freezes or shuts down and restarts.

    Here are the OTL files:
    OTL logfile created on: 6/27/2010 10:40:18 PM - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Weekley\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 260.00 Mb Available Physical Memory | 25.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 81.22 Gb Free Space | 72.66% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: GATEWAY
    Current User Name: Weekley
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Minimal
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Weekley\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Weekley\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
    MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)


    ========== Win32 Services (SafeList) ==========

    SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
    SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AVGIDSShimxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSErHrxpx) -- C:\WINDOWS\System32\Drivers\AVGIDSxx.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSDriverxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AVGIDSFilterxpx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
    DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (AvgRkx86) -- C:\WINDOWS\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
    DRV - (X4HS32Ex) -- C:\Program Files\Free Ride Games\X4HS32Ex.sys (Exent Technologies Ltd.)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd)
    DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
    DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
    DRV - (ndiscm) -- C:\WINDOWS\system32\drivers\NetMotCM.sys (Motorola Inc.)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
    DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
    DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
    DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
    DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.defaultthis.engineName: "Free Ride Games Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1320680&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Ask"
    FF - prefs.js..browser.search.selectedEngine: "Free Ride Games Customized Web Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1320680&SearchSource=13"
    FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
    FF - prefs.js..extensions.enabledItems: [email protected]:4.504.019.002
    FF - prefs.js..extensions.enabledItems: {E78313ED-E64C-451B-9B5F-8A66A8D08A64}:2.5.10.1
    FF - prefs.js..extensions.enabledItems: {f92a9fe4-2850-4198-b9d5-279880e49b16}:2.3.0.4
    FF - prefs.js..extensions.enabledItems: [email protected]:4.5
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.6
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
    FF - prefs.js..keyword.URL: "http://search.stopzilla.com/Results.aspx?u="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/01 15:42:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVG\AVG9\Toolbar\Firefox\[email protected] [2010/05/21 20:01:08 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/31 15:34:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/25 22:20:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/03 23:56:49 | 000,000,000 | ---D | M]

    [2008/09/27 19:00:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weekley\Application Data\Mozilla\Extensions
    [2010/06/26 23:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\extensions
    [2009/09/02 19:15:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/04/28 20:44:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2010/06/10 00:19:22 | 000,000,000 | ---D | M] (FireFox accelerator) -- C:\Documents and Settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\extensions\{E78313ED-E64C-451B-9B5F-8A66A8D08A64}
    [2009/04/18 16:07:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2009/12/18 14:31:25 | 000,000,000 | ---D | M] (Free Ride Games Toolbar) -- C:\Documents and Settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}
    [2010/01/02 12:53:19 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
    [2009/02/22 17:41:51 | 000,000,681 | ---- | M] () -- C:\Documents and Settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\searchplugins\ask.xml
    [2009/08/25 15:56:38 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\searchplugins\conduit.xml
    [2009/02/24 21:31:16 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\searchplugins\yahoo-search.xml
    [2010/06/26 23:59:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2008/02/04 18:49:18 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

    O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Video Download Toolbar Helper) - {83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0} - C:\Program Files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll ()
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Video Download Toolbar IE Browser Helper Object) - {B29002A0-87A1-4DC4-AC55-5982034EB61E} - C:\Program Files\Video Download Toolbar\v3.3.0.3\resources\VideoDownloadToolbar.dll (Sakysoft s.r.l. uninominale)
    O2 - BHO: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Video Download Toolbar) - {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - C:\Program Files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKLM\..\Toolbar: (Free Ride Games Toolbar) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - C:\Program Files\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Video Download Toolbar) - {E52BE12D-A44A-4F51-9DC1-34F37A488CC7} - C:\Program Files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Free Ride Games Toolbar) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - C:\Program Files\Free_Ride_Games\tbFre1.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [UserFaultCheck] File not found
    O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
    O4 - HKCU..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe (Exent Technologies Ltd.)
    O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
    O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([office] https in Trusted sites)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1191343798890 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/10/01 14:57:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/10/01 14:57:00 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (69537929998893056)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/06/27 22:26:22 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Weekley\Desktop\OTL.exe
    [2010/06/26 18:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\HiJackThis
    [2010/06/25 13:15:18 | 000,000,000 | -HSD | C] -- C:\found.000
    [2010/06/24 22:04:46 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/06/10 07:58:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/10 07:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Weekley\Local Settings\Application Data\whxotrlos
    [2010/06/04 00:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/06/04 00:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/06/04 00:00:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/06/03 23:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/06/03 23:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/05/31 15:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Weekley\Application Data\HPAppData
    [2010/05/31 15:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
    [2010/05/31 15:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Weekley\Application Data\HP
    [2010/05/31 15:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
    [2010/05/31 15:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
    [2010/05/31 15:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
    [2010/05/31 15:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
    [2010/05/31 15:27:57 | 000,000,000 | -H-D | C] -- C:\Config.Msi
    [2010/05/31 15:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP
    [2010/05/20 23:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/05/08 17:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2010/05/08 17:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Weekley\Local Settings\Application Data\Temp
    [2010/05/08 17:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2010/05/07 23:42:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
    [2010/05/02 03:34:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dumps
    [2010/04/05 01:59:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Weekley\Application Data\Helper
    [2006/08/11 14:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Weekley\My Documents\*.tmp files -> C:\Documents and Settings\Weekley\My Documents\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/06/27 22:26:22 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Weekley\Desktop\OTL.exe
    [2010/06/27 21:56:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/06/27 21:16:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Weekley\Local Settings\Application Data\prvlcl.dat
    [2010/06/27 17:56:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/06/27 17:28:28 | 061,441,338 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
    [2010/06/27 07:49:18 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-220523388-1637723038-725345543-1004.job
    [2010/06/27 07:49:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/06/27 07:49:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/06/27 07:49:13 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys
    [2010/06/27 01:25:03 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000001-00001102-00000004-20041102}.rfx
    [2010/06/27 01:25:03 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000001-00001102-00000004-20041102}.rfx
    [2010/06/27 01:25:03 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000001-00001102-00000004-20041102}.rfx
    [2010/06/27 01:25:03 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000001-00001102-00000004-20041102}.rfx
    [2010/06/27 01:25:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2010/06/27 01:25:03 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2010/06/27 01:25:02 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000001-00001102-00000004-20041102}.rfx
    [2010/06/27 01:24:46 | 005,767,168 | -H-- | M] () -- C:\Documents and Settings\Weekley\NTUSER.DAT
    [2010/06/27 01:24:30 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Weekley\ntuser.ini
    [2010/06/27 01:24:06 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000001-00001102-00000004-20041102}.CDF
    [2010/06/27 01:24:06 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000001-00001102-00000004-20041102}.BAK
    [2010/06/26 18:02:25 | 000,002,010 | ---- | M] () -- C:\Documents and Settings\Weekley\Desktop\HiJackThis.lnk
    [2010/06/26 01:36:00 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-220523388-1637723038-725345543-1004.job
    [2010/06/25 17:28:34 | 000,599,358 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
    [2010/06/25 01:19:26 | 000,160,205 | ---- | M] () -- C:\WINDOWS\hpoins44.dat
    [2010/06/25 01:00:14 | 006,424,404 | -H-- | M] () -- C:\Documents and Settings\Weekley\Local Settings\Application Data\IconCache.db
    [2010/06/25 00:58:05 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/06/24 23:33:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/06/24 22:04:51 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2010/06/24 22:04:46 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
    [2010/06/24 22:04:26 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
    [2010/06/24 22:02:37 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2010/06/24 21:41:37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/10 22:59:16 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\Fish Instructions.doc
    [2010/06/09 09:00:42 | 000,001,450 | ---- | M] () -- C:\Documents and Settings\Weekley\.powerschool_gradebook.properties
    [2010/06/08 22:57:09 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/06/05 19:30:38 | 000,059,392 | ---- | M] () -- C:\Documents and Settings\Weekley\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/04 00:02:06 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/06/03 23:56:22 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/06/01 08:42:16 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2010/06/01 06:18:45 | 000,557,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/05/31 15:42:16 | 000,189,152 | ---- | M] () -- C:\Documents and Settings\Weekley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/05/31 15:39:37 | 000,165,721 | ---- | M] () -- C:\WINDOWS\hpoins44.dat.temp
    [2010/05/31 15:38:52 | 000,000,860 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/05/31 15:33:04 | 000,000,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
    [2010/05/31 15:32:18 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2010/05/31 15:31:14 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/05/31 15:30:30 | 000,001,985 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Photo Gallery.lnk
    [2010/05/30 16:40:18 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\WHS Happenings.doc
    [2010/05/24 01:40:16 | 000,050,688 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\2nd Semester Final Exam2.doc
    [2010/05/20 21:42:38 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\English 11_2nd Semester_Final Exam.doc
    [2010/05/19 23:16:44 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\English 11_2nd Sem_ Study Guide.doc
    [2010/05/17 23:41:51 | 000,142,848 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\English 11 Unit Curriculum (2).doc
    [2010/05/16 23:17:41 | 000,120,832 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\English 11 Unit Curriculum.doc
    [2010/05/12 14:45:57 | 000,029,275 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\English 11 Unit Curriculum.docx
    [2010/05/12 06:55:54 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\English 11_Substitute Instructions.doc
    [2010/05/11 21:01:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/05/09 22:23:57 | 000,834,560 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
    [2010/05/09 22:23:56 | 001,522,688 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
    [2010/05/08 20:37:15 | 000,133,120 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\Verizon Confirmation.doc
    [2010/05/08 17:54:22 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Weekley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/05/08 17:53:44 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/05/08 02:55:16 | 000,012,462 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\Intro Am Lit.docx
    [2010/05/08 02:54:56 | 000,012,929 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\Native Am Origin Myths.docx
    [2010/05/05 16:40:25 | 000,000,168 | ---- | M] () -- C:\WINDOWS\wuasirvy.dll
    [2010/05/05 16:00:23 | 000,000,008 | ---- | M] () -- C:\WINDOWS\sdfinacs.dll
    [2010/05/04 16:05:58 | 000,082,482 | ---- | M] () -- C:\WINDOWS\msacm32.drv
    [2010/05/04 16:05:45 | 000,000,004 | ---- | M] () -- C:\WINDOWS\sdfixwcs.dll
    [2010/05/02 00:43:20 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Weekley\Desktop\YouTube Downloader.lnk
    [2010/05/02 00:40:06 | 003,105,415 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\YouTubeDownloaderSetup254.exe
    [2010/05/02 00:10:00 | 000,030,243 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\Smooth_Small_Group_Discussion.rtf
    [2010/05/01 23:56:56 | 000,043,791 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\Smooth_Whole_Class_Discussion.rtf
    [2010/05/01 23:17:41 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\How to Write a Diamond Poem.doc
    [2010/04/22 00:00:49 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\English 11_Poe Test3.doc
    [2010/04/21 23:46:44 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\English 11_Poe Test2.doc
    [2010/04/21 23:35:44 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\English 11_Poe Test1.doc
    [2010/04/15 23:23:54 | 000,031,744 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\Romeo and Juliet Word Search.doc
    [2010/04/15 23:02:48 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\English 11_Alfred Hitchcock Word Search.doc
    [2010/04/14 06:22:28 | 000,000,036 | ---- | M] () -- C:\WINDOWS\rasqervy.dll
    [2010/04/13 23:25:02 | 003,105,415 | ---- | M] () -- C:\YouTubeDownloaderSetup254.exe
    [2010/04/08 22:18:02 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\English 11_ Poe Word Search.doc
    [2010/04/07 23:15:55 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\Vocabulary Quiz #16_3.doc
    [2010/04/07 23:13:36 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\Vocabulary Quiz #16_2.doc
    [2010/04/07 23:08:43 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\Vocabulary Quiz #16_1.doc
    [2010/04/06 22:33:41 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\English 11_Raven_Word Search.doc
    [2010/03/30 21:03:16 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Weekley\My Documents\English 11_Crucible Lesson Objectives.doc
    [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Weekley\My Documents\*.tmp files -> C:\Documents and Settings\Weekley\My Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/06/26 12:30:31 | 1072,484,352 | -HS- | C] () -- C:\hiberfil.sys
    [2010/06/25 01:19:00 | 000,165,721 | ---- | C] () -- C:\WINDOWS\hpoins44.dat.temp
    [2010/06/25 01:19:00 | 000,000,586 | ---- | C] () -- C:\WINDOWS\hpomdl44.dat.temp
    [2010/06/04 00:02:06 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/06/03 23:56:22 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2010/05/31 15:33:04 | 000,000,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
    [2010/05/31 15:32:18 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
    [2010/05/31 15:31:14 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/05/31 15:30:30 | 000,001,985 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Photo Gallery.lnk
    [2010/05/31 15:20:23 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2010/05/31 15:20:22 | 000,160,205 | ---- | C] () -- C:\WINDOWS\hpoins44.dat
    [2010/05/31 15:20:22 | 000,000,586 | ---- | C] () -- C:\WINDOWS\hpomdl44.dat
    [2010/05/30 16:07:28 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\WHS Happenings.doc
    [2010/05/20 22:29:40 | 000,050,688 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\2nd Semester Final Exam2.doc
    [2010/05/20 21:39:49 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\English 11_2nd Semester_Final Exam.doc
    [2010/05/18 21:46:40 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\English 11_2nd Sem_ Study Guide.doc
    [2010/05/17 20:49:13 | 000,142,848 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\English 11 Unit Curriculum (2).doc
    [2010/05/12 22:16:25 | 000,120,832 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\English 11 Unit Curriculum.doc
    [2010/05/10 22:21:36 | 000,029,275 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\English 11 Unit Curriculum.docx
    [2010/05/08 20:37:15 | 000,133,120 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\Verizon Confirmation.doc
    [2010/05/08 17:54:22 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/05/08 17:54:22 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Weekley\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/05/08 17:51:22 | 000,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/05/08 17:51:22 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/05/08 02:55:16 | 000,012,462 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\Intro Am Lit.docx
    [2010/05/08 02:54:56 | 000,012,929 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\Native Am Origin Myths.docx
    [2010/05/02 00:39:40 | 003,105,415 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\YouTubeDownloaderSetup254.exe
    [2010/05/02 00:10:00 | 000,030,243 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\Smooth_Small_Group_Discussion.rtf
    [2010/05/01 23:56:56 | 000,043,791 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\Smooth_Whole_Class_Discussion.rtf
    [2010/05/01 23:17:41 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\How to Write a Diamond Poem.doc
    [2010/04/21 23:51:51 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\English 11_Poe Test3.doc
    [2010/04/21 23:34:51 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\English 11_Poe Test2.doc
    [2010/04/21 23:31:13 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\English 11_Poe Test1.doc
    [2010/04/15 23:23:53 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\Romeo and Juliet Word Search.doc
    [2010/04/15 23:02:47 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\English 11_Alfred Hitchcock Word Search.doc
    [2010/04/14 06:22:28 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
    [2010/04/14 06:21:47 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
    [2010/04/14 06:21:45 | 000,000,004 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
    [2010/04/13 23:24:57 | 003,105,415 | ---- | C] () -- C:\YouTubeDownloaderSetup254.exe
    [2010/04/13 16:01:38 | 000,082,482 | ---- | C] () -- C:\WINDOWS\msacm32.drv
    [2010/04/13 16:01:38 | 000,000,168 | ---- | C] () -- C:\WINDOWS\wuasirvy.dll
    [2010/04/08 22:18:01 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\English 11_ Poe Word Search.doc
    [2010/04/07 23:15:48 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\Vocabulary Quiz #16_3.doc
    [2010/04/07 23:13:36 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\Vocabulary Quiz #16_2.doc
    [2010/04/07 23:08:43 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\Vocabulary Quiz #16_1.doc
    [2010/04/06 22:33:40 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\English 11_Raven_Word Search.doc
    [2010/03/30 21:03:16 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Weekley\My Documents\English 11_Crucible Lesson Objectives.doc
    [2007/12/03 16:50:24 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
    [2007/11/25 18:10:34 | 000,000,049 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini
    [2007/10/02 20:19:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/10/02 09:28:31 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
    [2007/10/02 09:28:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
    [2007/10/02 09:17:52 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2006/08/11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2006/05/23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2005/06/16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
    [2003/08/12 22:26:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2003/02/11 10:58:50 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2010/06/10 15:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2010/06/10 10:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2007/11/25 16:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
    [2009/03/18 21:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2009/12/18 14:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
    [2008/01/10 22:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Riverdeep Interactive Learning Limited
    [2009/06/25 13:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
    [2009/12/22 00:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
    [2009/12/22 01:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
    [2010/02/25 16:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2010/02/27 15:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viper
    [2010/06/04 00:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2009/12/23 12:43:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/12/22 17:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weekley\Application Data\Exent Technologies
    [2010/01/01 00:06:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weekley\Application Data\FLVPlayer4Free
    [2009/12/18 14:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weekley\Application Data\iWin
    [2009/04/04 01:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Weekley\Application Data\Skinux

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2007/10/01 14:57:24 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2007/10/01 14:52:51 | 000,000,211 | -HS- | M] () -- C:\boot.ini
    [2007/10/01 14:57:24 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/02/27 15:44:20 | 024,265,736 | ---- | M] (Microsoft) -- C:\dotnetfx.exe
    [2010/03/10 22:49:53 | 039,023,421 | ---- | M] () -- C:\E406A.exe
    [2010/03/10 22:40:28 | 002,205,233 | ---- | M] () -- C:\E88A.exe
    [2007/12/30 12:32:22 | 005,160,969 | ---- | M] () -- C:\EasyShare.dmp
    [2008/07/06 01:31:28 | 000,004,542 | ---- | M] () -- C:\edubackz2.jpg
    [2010/06/27 07:49:13 | 1072,484,352 | -HS- | M] () -- C:\hiberfil.sys
    [2007/10/01 14:57:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/10/01 14:57:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/25 15:49:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/06/27 07:49:12 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/13 00:20:28 | 000,818,200 | ---- | M] (RealNetworks, Inc.) -- C:\RealPlayerSPGold.exe
    [2009/12/05 00:08:23 | 000,003,584 | -HS- | M] () -- C:\Thumbs.db
    [2010/01/02 12:55:00 | 005,292,546 | ---- | M] () -- C:\videodownloader.zip
    [2010/02/27 15:30:26 | 000,896,838 | ---- | M] () -- C:\viperclientsetup.exe
    [2010/01/02 12:16:31 | 003,096,366 | ---- | M] () -- C:\YouTubeDownloaderSetup253b.exe
    [2010/04/13 23:25:02 | 003,105,415 | ---- | M] () -- C:\YouTubeDownloaderSetup254.exe
    [2008/09/20 22:10:00 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2007/10/01 07:44:50 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/10/01 07:44:50 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/10/01 07:44:50 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Files - Unicode (All) ==========
    [2010/02/02 19:56:05 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Å) -- C:\WINDOWS\System32\&#40504;Å
    [2010/02/02 19:56:05 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Å) -- C:\WINDOWS\System32\&#40504;Å
    [2010/01/29 19:48:29 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\&#664;&#1560;
    [2010/01/29 19:48:29 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\&#664;&#1560;
    [2010/01/27 18:50:03 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\&#28872;&#158;
    [2010/01/27 18:50:03 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\&#28872;&#158;
    [2010/01/25 20:05:46 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\&#45432;&#1024;
    [2010/01/25 20:05:46 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\&#45432;&#1024;
    [2010/01/07 19:55:11 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\&#63048;&#158;
    [2010/01/07 19:55:11 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\&#63048;&#158;
    [2009/12/15 20:12:18 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\?Ï) -- C:\WINDOWS\System32\&#21312;Ï
    [2009/12/15 20:12:18 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\?Ï) -- C:\WINDOWS\System32\&#21312;Ï
    [2009/11/18 19:56:47 | 000,000,036 | ---- | M] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\&#55024;&#152;
    [2009/11/18 19:56:47 | 000,000,036 | ---- | C] ()(C:\WINDOWS\System32\??) -- C:\WINDOWS\System32\&#55024;&#152;

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:C265C458
    < End of report >



    OTL Extra Files :

    OTL Extras logfile created on: 6/27/2010 10:40:18 PM - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Weekley\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,023.00 Mb Total Physical Memory | 260.00 Mb Available Physical Memory | 25.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.78 Gb Total Space | 81.22 Gb Free Space | 72.66% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: GATEWAY
    Current User Name: Weekley
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Minimal
    Quick Scan

    ========== Extra Registry (SafeList) ==========
     
  4. RPMcMurphy

    RPMcMurphy Malware Specialist

    Joined:
    Apr 26, 2010
    Messages:
    444
    Yellowstone,

    We can forget about GMER for now, but you cut off the most important part of the OTL Extras log. Please re-post that for me.

    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    • Double click on ComboFix.exe & follow the prompts.

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




    • Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


    Please include the following in your next post:

    • OTL Extras logs
    • ComboFix log
     
  5. Yellowstone

    Yellowstone Thread Starter

    Joined:
    Jun 26, 2010
    Messages:
    21
    I am sorry about cutting off the OTL Extras log post.

    I disabled AntiVirus and AntiSpyware and downloaded ComboFix. I did not receive prompts telling me I needed to install this and it did not produce a log for me. After clicking on the icon 2 different windows popped up informing me about malware. There were 2 options from which to choose -- quarantine or allow. I clicked on the quarantine button both times. Hopefully, I did not screw up again.

    Thank you for your patience and for helping me.

    I am having trouble posting OTL log.
     
  6. Yellowstone

    Yellowstone Thread Starter

    Joined:
    Jun 26, 2010
    Messages:
    21
    Hopefully, I have attached the OTL Extras log in this post.
     

    Attached Files:

  7. RPMcMurphy

    RPMcMurphy Malware Specialist

    Joined:
    Apr 26, 2010
    Messages:
    444
    Make sure you have your security programs disabled then download a new copy of ComboFix and try again. Instructions for disabling AVG are HERE. Let me know if you still have trouble.
     
  8. Yellowstone

    Yellowstone Thread Starter

    Joined:
    Jun 26, 2010
    Messages:
    21
    I disabled AntiVirus and have been trying to download ComboFix as you requested. I tried both of the links provided and I have been unsuccessful. After downloading Link 2, when I try to run ComboFix the computer freezes.
     
  9. RPMcMurphy

    RPMcMurphy Malware Specialist

    Joined:
    Apr 26, 2010
    Messages:
    444
    Yellowstone,

    Make sure you have saved ComboFix to your desktop, then try this please:

    Run ComboFix using these instructions:

    Click the Windows 'Start' button > Select 'Run' - then copy/paste the following bolded text into the run box & click OK.
    "%userprofile%\desktop\combofix.exe" /killall

    When finished, it shall produce a log for you. Post that log in your next reply.

    Please include the following in your next post:

    • ComboFix log
     
  10. Yellowstone

    Yellowstone Thread Starter

    Joined:
    Jun 26, 2010
    Messages:
    21
    Well, I finally got ComboFix to run and "do its thing". Here is the log --

    ComboFix 10-06-30.03 - Weekley 07/01/2010 3:57.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.479 [GMT -7:00]
    Running from: c:\documents and settings\Weekley\Desktop\combofix.exe
    AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\LocalService\Application Data\twain_32\user.ds
    c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
    c:\program files\gamevance\gamevancelib32.dll
    C:\Thumbs.db
    c:\windows\msacm32.drv
    c:\windows\rasqervy.dll
    c:\windows\sdfinacs.dll
    c:\windows\sdfixwcs.dll
    c:\windows\system32\system
    c:\windows\system32\twain_32\local.ds
    c:\windows\system32\twain_32\user.ds
    c:\windows\system32\twain_32\user.ds.cla
    c:\windows\wuasirvy.dll
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
    .
    2010-06-28 07:25 . 2010-06-28 07:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
    2010-06-26 09:46 . 2010-06-26 09:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AVG Security Toolbar
    2010-06-26 09:45 . 2010-06-28 07:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
    2010-06-26 09:45 . 2010-06-26 09:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2010-06-25 20:15 . 2010-06-25 20:15 -------- d-----w- C:\found.000
    2010-06-25 05:04 . 2010-06-25 05:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-06-10 14:58 . 2010-06-10 14:58 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-06-10 14:44 . 2010-06-10 17:48 -------- d-----w- c:\documents and settings\Weekley\Local Settings\Application Data\whxotrlos
    2010-06-04 07:01 . 2010-06-04 07:01 -------- d-----w- c:\program files\iPod
    2010-06-04 07:00 . 2010-06-04 07:01 -------- d-----w- c:\program files\iTunes
    2010-06-04 07:00 . 2010-06-04 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-06-04 06:55 . 2010-06-04 06:56 -------- d-----w- c:\program files\QuickTime
    2010-06-04 06:51 . 2010-06-04 06:51 -------- d-----w- c:\program files\Bonjour
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-01 10:42 . 2010-05-31 22:44 -------- d-----w- c:\documents and settings\Weekley\Application Data\HPAppData
    2010-07-01 08:20 . 2009-04-04 08:04 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
    2010-07-01 08:15 . 2009-02-22 22:49 -------- d-----w- c:\program files\Gamevance
    2010-07-01 07:38 . 2007-10-01 22:38 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-01 07:38 . 2010-07-01 07:38 2485883 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
    2010-07-01 03:30 . 2009-12-27 21:53 -------- d-----w- c:\program files\PokerStars.NET
    2010-07-01 01:16 . 2009-11-19 04:07 0 ----a-w- c:\documents and settings\Weekley\Local Settings\Application Data\prvlcl.dat
    2010-06-29 09:00 . 2009-04-14 03:06 -------- d-----w- c:\documents and settings\Weekley\Application Data\Skype
    2010-06-28 15:49 . 2010-06-28 15:49 1039712 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2010-06-28 08:02 . 2010-06-28 08:02 5619712 ---ha-w- c:\documents and settings\Weekley\ntuser.tmp
    2010-06-27 01:02 . 2010-06-27 01:02 388096 ----a-r- c:\documents and settings\Weekley\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-06-25 08:19 . 2010-05-31 22:20 160205 ----a-w- c:\windows\hpoins44.dat
    2010-06-25 05:06 . 2010-06-25 05:06 74760 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
    2010-06-25 05:06 . 2010-06-25 05:06 30216 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
    2010-06-25 05:06 . 2010-06-25 05:06 26120 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
    2010-06-25 05:06 . 2010-06-25 05:06 25096 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
    2010-06-25 05:06 . 2010-06-25 05:06 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
    2010-06-25 05:06 . 2010-06-25 05:06 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
    2010-06-25 05:06 . 2010-06-25 05:06 122376 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
    2010-06-25 05:04 . 2009-03-19 04:03 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-06-25 05:04 . 2009-11-10 02:34 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
    2010-06-25 05:02 . 2009-03-19 04:03 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-25 04:59 . 2010-06-25 04:59 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2010-06-25 04:59 . 2010-06-25 04:59 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2010-06-25 04:59 . 2010-06-25 04:59 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2010-06-11 06:33 . 2009-12-23 19:40 -------- d-----w- c:\program files\Apple Software Update
    2010-06-10 22:56 . 2009-06-06 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2010-06-10 17:51 . 2009-11-10 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-06-04 16:31 . 2009-12-23 19:44 -------- d-----w- c:\documents and settings\Weekley\Application Data\Apple Computer
    2010-06-04 07:00 . 2009-12-23 19:39 -------- d-----w- c:\program files\Common Files\Apple
    2010-06-04 06:47 . 2010-06-04 06:47 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
    2010-06-01 15:42 . 2010-06-01 15:42 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
    2010-06-01 15:42 . 2007-10-02 17:00 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-05-31 22:42 . 2007-10-02 16:20 189152 ----a-w- c:\documents and settings\Weekley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-05-31 22:41 . 2010-05-31 22:40 -------- d-----w- c:\documents and settings\Weekley\Application Data\HP
    2010-05-31 22:40 . 2010-05-31 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
    2010-05-31 22:39 . 2010-05-31 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
    2010-05-31 22:34 . 2010-05-31 22:23 -------- d-----w- c:\program files\HP
    2010-05-31 22:32 . 2010-05-31 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
    2010-05-31 22:30 . 2010-05-31 22:30 -------- d-----w- c:\program files\Common Files\HP
    2010-05-31 22:30 . 2010-05-31 22:30 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
    2010-05-09 00:54 . 2007-10-07 01:15 -------- d-----w- c:\program files\Google
    2010-04-14 06:25 . 2010-04-14 06:24 3105415 ----a-w- C:\YouTubeDownloaderSetup254.exe
    2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2009-10-01 02:39 . 2009-10-01 02:38 28868320 ----a-w- c:\program files\FileFormatConverters.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
    "{f92a9fe4-2850-4198-b9d5-279880e49b16}"= "c:\program files\Free_Ride_Games\tbFre1.dll" [2010-05-11 2515552]
    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
    [HKEY_CLASSES_ROOT\clsid\{f92a9fe4-2850-4198-b9d5-279880e49b16}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-07-18 00:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83BD144C-5E53-4E12-8E99-5A7F1BBF3EA0}]
    2010-01-01 07:09 815104 ----a-w- c:\program files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2010-04-19 17:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B29002A0-87A1-4DC4-AC55-5982034EB61E}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f92a9fe4-2850-4198-b9d5-279880e49b16}]
    2010-05-11 04:30 2515552 ----a-w- c:\program files\Free_Ride_Games\tbFre1.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
    "{f92a9fe4-2850-4198-b9d5-279880e49b16}"= "c:\program files\Free_Ride_Games\tbFre1.dll" [2010-05-11 2515552]
    "{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}"= "c:\program files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll" [2010-01-01 815104]
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CLASSES_ROOT\clsid\{f92a9fe4-2850-4198-b9d5-279880e49b16}]
    [HKEY_CLASSES_ROOT\clsid\{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]
    "{F92A9FE4-2850-4198-B9D5-279880E49B16}"= "c:\program files\Free_Ride_Games\tbFre1.dll" [2010-05-11 2515552]
    "{E52BE12D-A44A-4F51-9DC1-34F37A488CC7}"= "c:\program files\Video Download Toolbar\v3.3.0.3\Video_Download_Toolbar.dll" [2010-01-01 815104]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-18 279944]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CLASSES_ROOT\clsid\{f92a9fe4-2850-4198-b9d5-279880e49b16}]
    [HKEY_CLASSES_ROOT\clsid\{e52be12d-a44a-4f51-9dc1-34f37a488cc7}]
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
    "Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2009-12-01 1751552]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
    "CTHelper"="CTHELPER.EXE" [2006-08-11 17920]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-30 136600]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-25 2065760]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2009-12-01 1751552]
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-06-25 05:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [11/9/2009 7:34 PM 25168]
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [3/18/2009 9:03 PM 52872]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/18/2009 9:03 PM 216400]
    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/18/2009 9:03 PM 243024]
    R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [6/24/2010 10:02 PM 921440]
    R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/24/2010 10:04 PM 308136]
    R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [6/24/2010 10:02 PM 2331032]
    R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [6/24/2010 10:04 PM 5897808]
    R2 X4HS32Ex;X4HS32Ex;c:\program files\Free Ride Games\X4HS32Ex.sys [12/18/2009 2:26 PM 53280]
    R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [3/18/2009 9:02 PM 30104]
    R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [11/9/2009 7:33 PM 122448]
    R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [11/9/2009 7:33 PM 30288]
    R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [11/9/2009 7:33 PM 26192]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2010 5:51 PM 136176]
    S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [3/18/2009 9:02 PM 30104]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    2010-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
    2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 00:51]
    2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-09 00:51]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: microsoft.com\office
    FF - ProfilePath - c:\documents and settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1320680&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - Free Ride Games Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1320680&SearchSource=13
    FF - prefs.js: keyword.URL - hxxp://search.stopzilla.com/Results.aspx?u=
    FF - component: c:\documents and settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\[email protected]\components\xpavgtbapi.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
    FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
    FF - plugin: c:\documents and settings\Weekley\Application Data\Mozilla\Firefox\Profiles\ddqd9lyn.default\extensions\{E78313ED-E64C-451B-9B5F-8A66A8D08A64}\plugins\npietab2.dll
    FF - plugin: c:\program files\Free Ride Games\npExentCtl.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    pref(dom.disable_open_during_load, true);.
    - - - - ORPHANS REMOVED - - - -
    HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    HKCU-Run-Getdo - c:\documents and settings\Weekley\Application Data\Adobe\Update\flacor.dat

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-01 04:08
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(2276)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-07-01 04:17:53
    ComboFix-quarantined-files.txt 2010-07-01 11:17
    Pre-Run: 88,878,628,864 bytes free
    Post-Run: 88,847,675,392 bytes free
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
    - - End Of File - - 664B52D5578D21D5DEC93702CD919844
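Added example, not code from the thread, from ComboFix or from its author: a small Python triage helper for the "Reg Loading Points", firewall-policy and "FF - prefs.js" lines in the ComboFix log format shown above. The sample lines are constructed on that format, and the trusted-host set handed to triage() (which search/home-page hosts the owner actually chose) is an assumption of the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the ComboFix log format used in the thread
# (a handful of lines modelled on the posted log, not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2009-12-01 1751552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-25 2065760]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1320680&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Free Ride Games Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1320680&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.stopzilla.com/Results.aspx?u=
"""

KEY_RE = re.compile(r'^\[(?P<key>HK[^\]]+)\]$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
PREF_RE = re.compile(r'^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$')
FW_RE = re.compile(r'^"EnableFirewall"= (?P<value>\d+)')
# Firefox prefs that decide where typed searches and the home page go.
SEARCH_PREFS = ("browser.search.defaulturl", "browser.startup.homepage", "keyword.URL")


def defang_to_url(value):
    """ComboFix writes hxxp:// so the log is not clickable; undo that for parsing."""
    return re.sub(r'^hxxp', 'http', value)


def parse_run_entries(text):
    """Return the Run-key autostart entries as dicts, tagging the registry key
    each came from and whether the path is a bare file name (resolved through
    the search path rather than an explicit directory)."""
    entries, current_key = [], None
    for line in text.splitlines():
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue
        run = RUN_RE.match(line)
        if run and current_key and current_key.endswith("\\Run"):
            path = run.group("path")
            entries.append({
                "key": current_key,
                "name": run.group("name"),
                "path": path,
                "size": int(run.group("size")),
                "bare": "\\" not in path,
            })
    return entries


def parse_ff_prefs(text):
    """Map each 'FF - prefs.js:' line to pref name -> value."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group("pref")] = m.group("value")
    return prefs


def search_hosts(prefs):
    """Host referenced by each URL-valued search/home pref."""
    hosts = {}
    for pref in SEARCH_PREFS:
        value = prefs.get(pref, "")
        if value.startswith("hxxp"):
            hosts[pref] = urlparse(defang_to_url(value)).hostname
    return hosts


def unexpected_search_hosts(prefs, trusted_hosts):
    """(pref, host) pairs whose host is outside the trusted set, sorted."""
    return sorted((pref, host) for pref, host in search_hosts(prefs).items()
                  if host not in trusted_hosts)


def windows_firewall_enabled(text):
    """True/False from the EnableFirewall value, None if the line is missing."""
    for line in text.splitlines():
        m = FW_RE.match(line)
        if m:
            return m.group("value") != "0"
    return None


def triage(text, trusted_hosts):
    """Findings a helper reads off these sections; trusted_hosts is the example's assumption."""
    return {
        "bare_autostarts": [e["name"] for e in parse_run_entries(text) if e["bare"]],
        "foreign_search_hosts": unexpected_search_hosts(parse_ff_prefs(text), trusted_hosts),
        "windows_firewall_enabled": windows_firewall_enabled(text),
    }
```

Bare-filename autostarts are listed for manual verification only, since legitimate vendor entries use that form too; the point is to pull every such item into one place.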
     
  11. RPMcMurphy

    RPMcMurphy Malware Specialist

    Joined:
    Apr 26, 2010
    Messages:
    444
    Thanks for sticking with it. Are your searches still being redirected?
     
  12. Yellowstone

    Yellowstone Thread Starter

    Joined:
    Jun 26, 2010
    Messages:
    21
    Thank you for being patient. No, my searches are no longer being redirected. I am able to access Explorer with relative ease. However, when I try to access FireFox on the screen it appears as if 3 windows are trying to open, but in the system tray it shows only 1 is opening. Sometimes, FireFox opens and sometimes it seems to be opening but does not complete the job.
     
  13. RPMcMurphy

    RPMcMurphy Malware Specialist

    Joined:
    Apr 26, 2010
    Messages:
    444
    Yellowstone,

    Please run these for me while I look into your Firefox issue:

Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please post the results.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

    1. Click Accept, when prompted to download and install the program files and database of malware definitions.

    2. To optimize scanning time and produce a more sensible report for review:

    • Close any open programs
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

    3. Click Run at the Security prompt.

    The program will then begin downloading and installing and will also update the database.
    Please be patient as this can take quite a long time to download.

    • Once the update is complete, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

      • Spyware, adware, dialers, and other riskware
      • Archives
      • E-mail databases
    • Click on My Computer under the green Scan bar to the left to start the scan.
    • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
    • Click View report... at the bottom.
    • Click the Save report... button.

    • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

    Please include the following in your next post:

    • MBAM log
    • Kaspersky log
     
  14. Yellowstone

    Yellowstone Thread Starter

    Joined:
    Jun 26, 2010
    Messages:
    21
    Here is the MBAM log --

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4269
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    7/2/2010 2:38:30 PM
    mbam-log-2010-07-02 (14-38-30).txt
    Scan type: Full scan (C:\|)
    Objects scanned: 240383
    Time elapsed: 50 minute(s), 58 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 6
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
    Files Infected:
    C:\System Volume Information\_restore{C0E4FDFA-C40A-4B4C-B4CB-36BFE04CE76A}\RP1204\A0086441.drv (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C0E4FDFA-C40A-4B4C-B4CB-36BFE04CE76A}\RP1208\A0087590.drv (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{C0E4FDFA-C40A-4B4C-B4CB-36BFE04CE76A}\RP1208\A0087591.drv (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> Quarantined and deleted successfully.
    C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> Quarantined and deleted successfully.
    C:\Documents and Settings\NetworkService\Application Data\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.


    KasReport log --


    KASPERSKY ONLINE SCANNER 7.0: scan report
    Friday, July 2, 2010
    Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, July 02, 2010 14:19:16
    Records in database: 4259887
    --------------------------------------------------------------------------------
    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes
    Scan area - My Computer:
    A:\
    C:\
    D:\
    E:\
    G:\
    H:\
    I:\
    J:\
    Scan statistics:
    Objects scanned: 99926
    Threats found: 2
    Infected objects found: 2
    Suspicious objects found: 0
    Scan duration: 02:36:39

    File name / Threat / Threats count
    C:\Documents and Settings\Weekley\Application Data\Sun\Java\Deployment\cache\6.0\1\d5b9dc1-54fea6fe Infected: Trojan-Downloader.Java.Agent.ff 1
    C:\Qoobox\Quarantine\C\Program Files\Gamevance\gamevancelib32.dll.vir Infected: not-a-virus:AdWare.Win32.Gamevance.chx 1
    Selected area has been scanned.
     
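As an added example, not a tool from the thread, from Malwarebytes or from the helpers here: a small parser for the MBAM log layout posted above that turns each detection into a (path, family, action) record, checks that every category's summary count matches the items actually listed under it, flags anything not reported as removed, and picks out hits inside System Restore snapshots. The sample log is a constructed excerpt using entries copied from the post above.

```python
import re
from collections import defaultdict

# Added example (not a tool from the thread): parse a Malwarebytes' Anti-Malware 1.46
# log into structured detections and cross-check summary counts against listed items.
SECTIONS = "|".join(("Memory Processes", "Memory Modules", "Registry Keys",
                     "Registry Values", "Registry Data Items", "Folders", "Files"))
SUMMARY_RE = re.compile(r"^(%s) Infected: (\d+)$" % SECTIONS)  # "Files Infected: 6"
HEADER_RE = re.compile(r"^(%s) Infected:$" % SECTIONS)         # "Files Infected:"
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.?$")       # path (Family) -> action
# Constructed excerpt in that layout; the entries are copied from the log above.
SAMPLE_LOG = r"""
Registry Keys Infected: 2
Folders Infected: 1
Files Infected: 2
Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.
Files Infected:
C:\System Volume Information\_restore{C0E4FDFA-C40A-4B4C-B4CB-36BFE04CE76A}\RP1204\A0086441.drv (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\Application Data\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
"""

def parse_mbam_log(text):
    """Return (summary counts, {section: [(path, family, action)]}, problems)."""
    summary, found, problems, section = {}, defaultdict(list), [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := SUMMARY_RE.match(line):
            summary[m.group(1)] = int(m.group(2))
        elif m := HEADER_RE.match(line):
            section = m.group(1)
        elif not line or section is None or line == "(No malicious items detected)":
            continue                       # blank, preamble, or an empty section
        elif m := ITEM_RE.match(line):
            path, family, action = m.groups()
            found[section].append((path, family, action))
            if not action.startswith("Quarantined and deleted"):
                problems.append("%s not removed: %s" % (section, path))
        else:
            problems.append("unparsed line under %s: %s" % (section, line))
    for name, n in summary.items():        # summary count must equal items listed
        if n != len(found[name]):
            problems.append("%s: summary %d, listed %d" % (name, n, len(found[name])))
    return summary, dict(found), problems

def restore_point_hits(found):
    """Files caught inside System Restore snapshots; a later restore could bring them back."""
    return [p for p, _, _ in found.get("Files", []) if "\\_restore{" in p]
```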
  15. RPMcMurphy

    RPMcMurphy Malware Specialist

    Joined:
    Apr 26, 2010
    Messages:
    444
    Yellowstone,

    Run OTL.exe

    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :Files
      C:\Documents and Settings\Weekley\Application Data\Sun\Java\Deployment\cache\6.0\1\d5b9dc1-54fea6fe
      
      :Commands
      [EmptyFlash]
      [EmptyTemp]
      [Purity]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, it will reboot when it is done and produce a log

    Please include the following in your next post:

    • OTL Fix log
    • Are you still having trouble with Firefox?
     
Short URL to this thread: https://techguy.org/931724