Computer Hope


Author Topic: Computer Died  (Read 1743 times)
jtin (Topic Starter, Rookie)
« Reply #15 on: November 02, 2009, 05:42:16 PM »

Here it is

DDS (Ver_09-10-26.01) - NTFSx86 
Run by Owner at 15:01:58.10 on Mon 11/02/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.544 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
uSearch Page =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
mCustomizeSearch = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\dan2.exe" /runcleanupscript
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182552982812
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - hxxp://static.topconverting.com/activex/website.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\tusavila.dll yesigoju.dll c:\windows\system32\muraboro.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: nujahavik - {86d41a49-6682-4d9e-97bf-6695949f1f25} - No File
SSODL: dafivawah - {bd6e906a-a25d-43ad-ac46-cfc0d25797ef} - c:\windows\system32\muraboro.dll
STS: {86d41a49-6682-4d9e-97bf-6695949f1f25} - No File
STS: tokatiluy: {bd6e906a-a25d-43ad-ac46-cfc0d25797ef} - c:\windows\system32\muraboro.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli hisakite.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-25 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-25 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-25 297752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-1-20 24652]
S0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys --> c:\windows\system32\drivers\$sys$cor.sys [?]
S1 $sys$crater;$sys$crater;\??\c:\windows\system32\$sys$filesystem\crater.sys --> c:\windows\system32\$sys$filesystem\crater.sys [?]
S2 $sys$DRMServer;Plug and Play Device Manager;c:\windows\system32\$sys$filesystem\$sys$drmserver.exe --> c:\windows\system32\$sys$filesystem\$sys$DRMServer.exe [?]
S2 CD_Proxy;XCP CD Proxy;c:\windows\cdproxyserv.exe --> c:\windows\CDProxyServ.exe [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-11-02 02:36:58   0   d-----w-   c:\program files\Trend Micro
2009-11-02 02:22:04   0   d-----w-   c:\docume~1\owner\applic~1\Malwarebytes
2009-11-01 21:36:22   0   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-01 19:06:53   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 19:06:52   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-11-01 19:06:52   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-11-01 19:06:52   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-01 18:59:09   26624   ----a-w-   c:\windows\system32\UACkwgswuufhvjwilkbd.dll
2009-11-01 03:58:10   0   d-----w-   c:\program files\SUPERAntiSpyware
2009-11-01 03:58:10   0   d-----w-   c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-11-01 03:57:13   0   d-----w-   c:\program files\common files\Wise Installation Wizard
2009-10-31 03:57:34   0   d-----w-   c:\documents and settings\owner\.SunDownloadManager
2009-10-31 03:52:20   0   d-----w-   c:\program files\Microsoft
2009-10-31 03:34:11   0   d-----w-   c:\program files\CCleaner
2009-10-31 02:24:09   2016   ----a-w-   c:\windows\system32\drivers\kgpfr2.cfg
2009-10-31 02:23:47   1864   ----a-w-   c:\windows\system32\drivers\kgpcpy.cfg
2009-10-31 02:17:23   0   d-----w-   c:\docume~1\alluse~1\applic~1\SITEguard
2009-10-31 02:16:20   0   d-----w-   c:\program files\common files\iS3
2009-10-31 02:16:20   0   d-----w-   c:\docume~1\alluse~1\applic~1\STOPzilla!

==================== Find3M  ====================

2009-10-29 21:41:18   335240   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-10-29 21:41:18   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
2006-03-15 20:19:34   212992   ----a-w-   c:\windows\inf\wg311v3\CopyWHQLDriver.exe
2006-01-26 23:55:10   280576   ----a-w-   c:\windows\inf\wg311v3\WG311v3.sys
2005-10-06 21:17:34   280576   ----a-w-   c:\windows\inf\wg311v3\WG311v3XP.sys
2008-12-30 17:00:22   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008123020081231\index.dat

============= FINISH: 15:02:37.07 ===============
SuperDave (Malware Removal Specialist)
« Reply #16 on: November 04, 2009, 12:49:59 PM »

Hello jtin. Sorry for the delay. The site was down for a bit last night. Could you please do this:

Download HostsXpert

• Unzip HostXpert to your Desktop

• Open up the HostXpert program.

• Make sure that the "Make Hosts Writable?" button in the upper right corner is enabled.

• Click Create Back Up

• Then click on Restore Microsoft's Host Files

• Close the HostXpert program

Next,

Go to Start, Control Panel, Add or Remove Programs and uninstall:

- LiveUpdate (Symantec Corporation)

Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

link # 1
Link # 2

**Note:  It is important that it is saved directly to your Desktop

DO NOT run it yet!

Note: the below instructions were created specifically for this user. If you are not this user, DO NOT follow these directions as they could damage the workings of your system

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

DDS::
uSearch Page =
mSearch Bar = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=
mSearchAssistant =
mCustomizeSearch = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=
uURLSearchHooks: H - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
AppInit_DLLs: c:\windows\system32\tusavila.dll yesigoju.dll c:\windows\system32\muraboro.dll
SSODL: nujahavik - {86d41a49-6682-4d9e-97bf-6695949f1f25} - No File
SSODL: dafivawah - {bd6e906a-a25d-43ad-ac46-cfc0d25797ef} - c:\windows\system32\muraboro.dll
STS: {86d41a49-6682-4d9e-97bf-6695949f1f25} - No File
STS: tokatiluy: {bd6e906a-a25d-43ad-ac46-cfc0d25797ef} - c:\windows\system32\muraboro.dll
LSA: Notification Packages = scecli hisakite.dll

Driver::
Viewpoint Manager Service

File::
c:\windows\system32\drivers\kgpfr2.cfg
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\UACkwgswuufhvjwilkbd.dll

Folder::
c:\docume~1\alluse~1\applic~1\SITEguard
c:\program files\common files\iS3
c:\docume~1\alluse~1\applic~1\STOPzilla!
C:\Program Files\Viewpoint

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze

AMD Athlon XP 1900+ 1.47 GHz, 2 GB RAM, Windows XP Home with SP3, Microsoft Security Essentials, Spybot S&D, SuperAntiSpyware and ThreatFire with ZoneAlarm Firewall & Windows Defender
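Added example (editor's code, not part of the thread and not how DDS or ComboFix themselves work): a small Python triage of the persistence points in the DDS log posted in Reply #15 (AppInit_DLLs, the SSODL/STS shell loaders, LSA Notification Packages, orphaned CLSIDs, search-provider overrides and services whose binary DDS could not find) that drafts the same CFScript sections SuperDave wrote by hand in Reply #16 (KillAll::, DDS::, Driver::, File::). The sample input is an excerpt of that log. The search-provider allow-list, the heuristics and the assumption that bare DLL names resolve to c:\windows\system32 are this example's own. The $sys$-prefixed services are flagged because that prefix is the string the XCP copy-protection rootkit's cloaking driver hides from directory listings and the registry, and the log's own "XCP CD Proxy" display name points the same way. The output is a draft for a person to check line by line, not something to hand to ComboFix unread.

```python
"""Triage a DDS "Pseudo HJT Report" and draft a ComboFix CFScript from it.

Added example (editor's code, not part of the forum thread, DDS or ComboFix).
The search allow-list, the heuristics and the system32 resolution of bare DLL
names are assumptions of this example, not facts from the thread.
"""
import re

# Constructed input: a subset of the lines from the DDS log posted above
# (raw string, so the backslashes in the paths are literal).
SAMPLE_DDS = r"""
uStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://websearch.drsnsrch.com/sidesearch.cgi?id=
uURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
AppInit_DLLs: c:\windows\system32\tusavila.dll yesigoju.dll c:\windows\system32\muraboro.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: nujahavik - {86d41a49-6682-4d9e-97bf-6695949f1f25} - No File
STS: tokatiluy: {bd6e906a-a25d-43ad-ac46-cfc0d25797ef} - c:\windows\system32\muraboro.dll
LSA: Notification Packages = scecli hisakite.dll
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-25 335240]
S0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys --> c:\windows\system32\drivers\$sys$cor.sys [?]
S2 CD_Proxy;XCP CD Proxy;c:\windows\cdproxyserv.exe --> c:\windows\CDProxyServ.exe [?]
"""

# Assumptions of this example: search hosts treated as benign, and the
# directory that bare DLL names (AppInit_DLLs, LSA packages) resolve against.
SEARCH_ALLOW = ("google.com", "yahoo.com", "microsoft.com", "live.com", "msn.com")
SYSTEM32 = r"c:\windows\system32"
SEARCH_KEYS = ("Start Page", "Search Bar", "Search Page", "SearchAssistant",
               "CustomizeSearch", "SearchURL,(Default)", "SearchMigratedDefaultURL")
ORPHAN_KINDS = ("uURLSearchHooks", "mURLSearchHooks", "BHO", "TB", "EB", "SSODL", "STS")
LOADER_KINDS = ("SSODL", "STS")                     # shell-loaded DLLs (ShellServiceObjectDelayLoad, SharedTaskScheduler)
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
URL_RE = re.compile(r"^h(?:tt|xx)ps?://([^/:?]+)", re.I)   # DDS defangs http as hxxp


def _allowed_host(url):
    m = URL_RE.match(url.strip())
    if not m:
        return False
    host = m.group(1).lower()
    return any(host == d or host.endswith("." + d) for d in SEARCH_ALLOW)


def _resolve(name):
    """Bare DLL names are assumed to live in system32 (an assumption, see above)."""
    if "\\" in name:
        return name
    if not name.lower().endswith(".dll"):
        name += ".dll"
    return SYSTEM32 + "\\" + name


def triage(text):
    """Return findings: dicts with kind, section (DDS or Driver), line, files[, service]."""
    findings, appinit_names, loaders = [], set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            name, rest = svc.group(3), svc.group(5)
            # "[?]" means DDS could not stat the binary; "$sys$" is the prefix the
            # XCP rootkit's cloaking driver hides (the display name here says XCP).
            if rest.endswith("[?]") or name.startswith("$sys$"):
                findings.append({"kind": "service", "section": "Driver",
                                 "line": line, "service": name, "files": []})
            continue
        kind, _, rest = line.partition(":")
        if kind == "AppInit_DLLs":
            # Every DLL listed here is loaded into every process that maps user32.dll.
            files = [_resolve(n) for n in rest.split()]
            appinit_names.update(f.rsplit("\\", 1)[-1].lower() for f in files)
            findings.append({"kind": "appinit", "section": "DDS", "line": line, "files": files})
        elif line.startswith("LSA: Notification Packages"):
            # Anything besides scecli is loaded into lsass.exe and sees password changes.
            extra = [p for p in line.split("=", 1)[1].split() if p.lower() != "scecli"]
            if extra:
                findings.append({"kind": "lsa-notify", "section": "DDS", "line": line,
                                 "files": [_resolve(p) for p in extra]})
        elif kind in ORPHAN_KINDS and line.endswith("- No File"):
            findings.append({"kind": "orphan", "section": "DDS", "line": line, "files": []})
        elif kind in LOADER_KINDS:
            loaders.append((line, line.rsplit(" - ", 1)[-1]))
        elif " = " in line:
            key, _, value = line.partition(" = ")
            if key.endswith(SEARCH_KEYS) and value and not _allowed_host(value):
                findings.append({"kind": "search-hijack", "section": "DDS", "line": line, "files": []})
    # A shell loader pointing at a DLL that is also in AppInit_DLLs is a second
    # persistence hook for the same payload; report it together with the path.
    for line, path in loaders:
        if path.rsplit("\\", 1)[-1].lower() in appinit_names:
            findings.append({"kind": "loader-shares-appinit-dll", "section": "DDS",
                             "line": line, "files": [path]})
    return findings


def build_cfscript(findings):
    """Draft the CFScript sections ComboFix reads; a human reviews it before use."""
    dds = [f["line"] for f in findings if f["section"] == "DDS"]
    drivers = [f["service"] for f in findings if f["section"] == "Driver"]
    files = sorted({p for f in findings for p in f["files"]})
    out = ["KillAll::", ""]
    for header, items in (("DDS::", dds), ("Driver::", drivers), ("File::", files)):
        if items:
            out += [header, *items, ""]
    return "\n".join(out)


if __name__ == "__main__":
    found = triage(SAMPLE_DDS)
    for f in found:
        print(f"[{f['kind']}] {f['line']}")
    print()
    print(build_cfscript(found))
```

Running it prints nine findings and then the draft script. Everything under File:: that came from a bare name was placed in system32 by assumption, so confirm each path exists (dir /a in a command prompt, since some of these files are hidden) before leaving it in; and a service listed under Driver:: whose binary is already gone is a leftover registration to clean up, not proof the driver is still running.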
jtin (Topic Starter, Rookie)
« Reply #17 on: November 04, 2009, 04:12:56 PM »

SD,
     Liveupdate was not there. I could have already removed it but I can't say for sure.  Not sure if they changed the program but HostXpert>"Make hosts writable" is now in the upper left-hand corner (that button confused me all together...I'm a little slow at times!). Sorry I'm bad about editing.  Anyway here is the Combofix log:
***************************************************************************************
ComboFix 09-11-04.02 - Owner 11/04/2009 16:45.1.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.596 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\drivers\kgpcpy.cfg"
"c:\windows\system32\drivers\kgpfr2.cfg"
"c:\windows\system32\UACkwgswuufhvjwilkbd.dll"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\alluse~1\applic~1\SITEguard
c:\docume~1\alluse~1\applic~1\SITEguard\siteguard.db
c:\docume~1\alluse~1\applic~1\STOPzilla!
c:\docume~1\alluse~1\applic~1\STOPzilla!\modules_scanned.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\modules_scanned.db.bak
c:\docume~1\alluse~1\applic~1\STOPzilla!\scanner.log
c:\docume~1\alluse~1\applic~1\STOPzilla!\sgdefs.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\sgdwc.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\userdata.db
c:\docume~1\alluse~1\applic~1\STOPzilla!\zilla5.log
c:\program files\common files\iS3
c:\program files\common files\iS3\Anti-Spyware\sgdfull.rsf
c:\program files\TBONAS
c:\program files\TBONAS\bestoffers_icon_01.ico
c:\program files\TBONAS\center_wnd.htm
c:\program files\TBONAS\grb12.rtk
c:\program files\Viewpoint
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\recycler\S-1-5-21-1074224062-4008096682-718314365-1003
c:\recycler\S-1-5-21-108238629-2543261533-15658814-1003
c:\recycler\S-1-5-21-1237417076-4124189201-3592717025-1003
c:\recycler\S-1-5-21-1692090417-3754952875-3743322987-1003
c:\recycler\S-1-5-21-1935193532-3380928342-1166660273-1003
c:\recycler\S-1-5-21-1960408961-2049760794-839522115-1003
c:\recycler\S-1-5-21-2187232315-2653712155-2884993939-1003
c:\recycler\S-1-5-21-369970505-783447879-1513832709-1003
c:\recycler\S-1-5-21-3823185962-2795022387-281022331-1003
c:\recycler\S-1-5-21-729851438-799874365-1875046073-1003
c:\windows\system32\Cache
c:\windows\system32\Cache\mswinstall.exe
c:\windows\system32\Cache\uninstall.exe
c:\windows\system32\drivers\kgpcpy.cfg
c:\windows\system32\drivers\kgpfr2.cfg
c:\windows\system32\uactmp.db
c:\windows\system32\UACtvjhqymacjifueaqe.db

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_$SYS$ARIES
-------\Legacy_$SYS$DRMSERVER
-------\Legacy_CD_PROXY
-------\Legacy_SVCPROC
-------\Legacy_VIEWPOINT_MANAGER_SERVICE
-------\Service_$sys$DRMServer
-------\Service_CD_Proxy
-------\Service_Viewpoint Manager Service


(((((((((((((((((((((((((   Files Created from 2009-10-04 to 2009-11-04  )))))))))))))))))))))))))))))))
.

2009-11-02 02:36 . 2009-11-02 02:36   --------   d-----w-   c:\program files\Trend Micro
2009-11-02 02:22 . 2009-11-02 02:22   --------   d-----w-   c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-01 21:36 . 2009-11-01 21:36   117760   ----a-w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-01 21:36 . 2009-11-01 21:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-01 19:06 . 2009-09-10 20:54   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 19:06 . 2009-11-01 21:35   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-11-01 19:06 . 2009-11-01 19:06   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-01 19:06 . 2009-09-10 20:53   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-11-01 03:58 . 2009-11-01 21:35   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-11-01 03:58 . 2009-11-01 03:58   --------   d-----w-   c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-11-01 03:57 . 2009-11-01 03:57   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-10-31 03:57 . 2009-10-31 04:15   --------   d-----w-   c:\documents and settings\Owner\.SunDownloadManager
2009-10-31 03:52 . 2009-10-31 03:52   --------   d-----w-   c:\program files\Microsoft
2009-10-31 03:49 . 2009-10-31 03:49   152576   ----a-w-   c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-31 03:34 . 2009-10-31 03:34   --------   d-----w-   c:\program files\CCleaner

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 04:26 . 2002-02-15 18:16   --------   d-----w-   c:\program files\Java
2009-10-31 03:30 . 2002-02-15 18:16   --------   d-----w-   c:\documents and settings\All Users\Application Data\Viewpoint
2009-10-29 23:24 . 2009-05-26 01:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\avg8
2009-10-29 21:41 . 2009-05-26 01:10   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-10-29 21:41 . 2009-05-26 01:10   335240   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-10-29 21:41 . 2009-05-26 01:10   27784   ----a-w-   c:\windows\system32\drivers\avgmfx86.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-14 21:07   1004800   ----a-w-   c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-14 1004800]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\dan2.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-12-19 8720384]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG311v3\wlancfg5.exe [2006-1-26 1486848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-29 21:41   11952   ----a-w-   c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=usbmn1x1.dll
"midi2"=usbmn1x1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/25/2009 7:10 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/25/2009 7:10 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 8:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 8:24 PM 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/25/2009 7:09 PM 297752]
S0 $sys$cor;$sys$cor;c:\windows\system32\Drivers\$sys$cor.sys --> c:\windows\system32\Drivers\$sys$cor.sys [?]
S1 $sys$crater;$sys$crater;\??\c:\windows\System32\$sys$filesystem\crater.sys --> c:\windows\System32\$sys$filesystem\crater.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 8:24 PM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12   REG_MULTI_SZ      Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]

2009-07-13 c:\windows\Tasks\Argente - Registry Cleaner.job
- c:\program files\Argente Software\Argente - Registry Cleaner\Registry Cleaner.exe [2008-09-12 20:52]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - hxxp://static.topconverting.com/activex/website.ocx
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-04 16:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,5f,56,fe,87,b1,33,48,8b,66,77,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,5f,56,fe,87,b1,33,48,8b,66,77,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\MrvGINA.dll

- - - - - - - > 'Explorer.exe'(3460)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2009-11-04 16:59 - machine was rebooted
ComboFix-quarantined-files.txt  2009-11-04 22:59

Pre-Run: 179,891,519,488 bytes free
Post-Run: 179,655,282,688 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

« Last Edit: November 04, 2009, 04:19:09 PM by evilfantasy »

SuperDave (Malware Removal Specialist)
« Reply #18 on: November 04, 2009, 10:09:27 PM »

Hello jtin. It looks like we're making some good progress. Just a few more things to do.

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

Please post another HJT log
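Added example (editor's code, not from the thread and not ComboFix's or Windows' own tooling): a parser for the REGEDIT4 dump that ComboFix prints under "Reg Loading Points" in Reply #17, which picks out the vendor subkeys under Security Center\Monitoring that set DisableMonitoring to 1 and writes the same kind of [-KEY] deletion file SuperDave hand-wrote above. The sample input is an excerpt of that log; the key-path constant and the decision to leave the Monitoring key itself alone (as the thread does) are this example's own choices.

```python
"""Find Security Center DisableMonitoring overrides in a ComboFix
"Reg Loading Points" dump and write the .reg file that removes them.

Added example (editor's code, not from the forum thread, ComboFix or Windows).
"""
import re

# Constructed input: an excerpt of the REGEDIT4 section in the log above.
SAMPLE_REG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-03 2028312]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

MONITORING = r"HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring"
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_regedit4(text):
    """Return {key: {value_name: value}}. dword values become ints; string values
    lose the " [date size]" annotation ComboFix prints after the closing quote."""
    reg, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            reg.setdefault(key, {})
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue
        name, data = m.group(1), m.group(2).strip()
        if data.lower().startswith("dword:"):
            reg[key][name] = int(data[6:14], 16)
        elif data.startswith('"'):
            reg[key][name] = data[1:data.index('"', 1)]
        else:
            reg[key][name] = data          # hex:, multi-line and other types kept raw
    return reg


def monitoring_overrides(reg):
    """Vendor subkeys under Security Center\\Monitoring with DisableMonitoring=1.
    The Monitoring key itself is not returned; the thread leaves it in place."""
    prefix = (MONITORING + "\\").lower()
    return [k for k, v in reg.items()
            if k.lower().startswith(prefix) and v.get("DisableMonitoring") == 1]


def deletion_reg(keys):
    """A REGEDIT4 file; on merge, [-KEY] deletes the key and everything beneath it."""
    return "REGEDIT4\n\n" + "".join(f"[-{k}]\n\n" for k in keys)


if __name__ == "__main__":
    print(deletion_reg(monitoring_overrides(parse_regedit4(SAMPLE_REG))), end="")
```

A [-KEY] line removes the whole subtree under that key, so keep the generated file to the vendor subkeys you actually mean to drop, and check each one against Add or Remove Programs first: a DisableMonitoring override is legitimate while that vendor's product is installed and only a leftover once it is gone. On XP the merge needs an administrator account, and the success dialog regedit shows is the confirmation SuperDave asks for above.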
jtin (Topic Starter, Rookie)
« Reply #19 on: November 05, 2009, 06:27:24 PM »

SD,
     I successfully added the file to the registry. Here is the HJT log you requested. Again, thank you so much.
*****************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:57 PM, on 11/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgupd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\dan2.exe" /runcleanupscript
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182552982812
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/SymAData.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O24 - Desktop Component 0: (no name) - http://www.christianlinks.com/forums/images/avatars/8.jpg

--
End of file - 9309 bytes
« Last Edit: November 06, 2009, 09:31:45 AM by evilfantasy »
SuperDave
Malware Removal Specialist
Specialist
Posts: 1768
Thanked: 112
OS: Windows XP
Experience: Experienced

« Reply #20 on: November 05, 2009, 07:51:52 PM »

Hi, jtin. It's looking good. How is your computer working now? Here's one more scan to run and we will be just about finished.

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
* Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer and save it to your desktop.
* Double click on the esetsmartinstaller_enu.exe icon on your desktop.
* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.
* Accept any security warnings from your browser.
* Leave the check mark next to Remove found threats and place a check next to Scan archives.
* Click the Start button.
* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.
* When the scan completes, click List of found threats.
* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.
* Click the <<Back button then click Finish.

In your next reply please include the ESET Online Scan log.
jtin
Topic Starter
Rookie
Posts: 18
Thanked: 0
OS: Windows XP
Experience: Familiar

« Reply #21 on: November 06, 2009, 03:15:16 PM »

SD,
I ran ESET and it replied "NO Faults Detected". Though while it was running AVG detected a "Generic Trojan". I selected "Heal" and it went away. That has happened while running a couple of these scans. IE keeps bringing up a window saying a program has corrupted my search provider setting. Should I reinstall IE? It shows Live Search as not available (but will not let me remove it) and Yahoo Search. Other than that it is running GREAT. I just upgraded to 2 Gigs RAM and it is whizzing right along. Thanks again. You are a life saver!
SuperDave
Malware Removal Specialist
Specialist
Posts: 1768
Thanked: 112
OS: Windows XP
Experience: Experienced

« Reply #22 on: November 06, 2009, 07:21:38 PM »

Hello jtin. It's good to hear that your computer is working much better except for the problem with IE. Could you please do this:

Open HijackThis and select Do a system scan only

Place a check mark next to the following entries: (if there)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php

Important: Close all open windows except for HijackThis and then click Fix checked.

Once completed, exit HijackThis.

Download DDS from HERE or HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall tries to block DDS, please allow it to run.
* When finished DDS will open two (2) logs.

1) DDS.txt
2) Attach.txt

* Save both logs to your desktop.
* Please copy and paste the entire contents of both logs in your next reply.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copy and pasting it into the reply.

Also, could you try to get into your AVG settings and post a log or screenshot from the quarantined files?
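The R1 SearchURL line SuperDave singles out is the textbook search-page hijack: an Internet Explorer search setting redirected to a host the user never chose, which is exactly what IE's "a program has corrupted your search provider setting" warning reacts to. As an added example (not code from this thread, from HijackThis or from any tool named here), the Python script below parses lines in HijackThis log format and surfaces the entries a malware-removal helper checks first: R0/R1 start and search pages on unexpected hosts, orphaned hooks marked (no file), O4 autostarts registered under the SYSTEM or Default user hive, and O16 ActiveX controls downloaded from unfamiliar hosts. The sample lines are constructed to mirror the log posted earlier in the thread; the trusted-host list and the rules are a defender's heuristics (assumptions), so a hit means "review this", not "malicious".

```python
"""Triage a HijackThis-format log and surface the entries worth a second look.

Added example: not code from the thread, from HijackThis or from any tool
named here. The sample lines mirror the log posted in the thread; the
trusted-host list and the rules are assumptions (review heuristics).
"""
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis 2.0.2 line format (a few lines, not a full log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/website.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182552982812
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Assumed allow-list: hosts whose start/search-page URLs and downloaded ActiveX
# controls (O16 DPF) are expected on a typical home PC of this period.
TRUSTED_HOSTS = {"www.yahoo.com", "www.google.com"}
TRUSTED_SUFFIXES = (".microsoft.com", ".windowsupdate.com")


def is_trusted(host):
    return host in TRUSTED_HOSTS or host.endswith(TRUSTED_SUFFIXES)


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def parse_hjt(text):
    """Return [(kind, body, raw_line)] for every R*/O* entry; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body"), line.strip()))
    return entries


def triage(entries):
    """Apply the review heuristics; returns [(kind, reason, raw_line)]."""
    findings = []
    for kind, body, raw in entries:
        hosts = [host_of(u) for u in URL_RE.findall(body)]
        if kind in ("R0", "R1"):
            # Browser start/search-page hijack: a URL pointing somewhere unexpected.
            for h in hosts:
                if not is_trusted(h):
                    findings.append((kind, f"start/search page points at unexpected host {h}", raw))
        if "(no file)" in body:
            # The registered component's file is gone: leftover of a removed
            # program or of a cleanup; harmless to fix, and noise that hides real entries.
            findings.append((kind, "orphaned entry (registered file is missing)", raw))
        if kind == "O4" and ("'SYSTEM'" in body or "'Default user'" in body):
            # A consumer application auto-starting from the SYSTEM or Default
            # user hive is unusual and worth confirming.
            findings.append((kind, "autostart registered under SYSTEM/Default user hive", raw))
        if kind == "O16":
            # Downloaded Program Files: ActiveX controls pulled from the web.
            for h in hosts:
                if not is_trusted(h):
                    findings.append((kind, f"ActiveX control downloaded from {h}", raw))
    return findings


if __name__ == "__main__":
    for kind, reason, raw in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{kind}] {reason}\n    {raw}")
```

On the sample above the script reports four entries: the searchmiracle.com SearchURL, the (no file) URLSearchHook, the MySpaceIM autostart under the SYSTEM hive, and the topconverting.com ActiveX control, while the Microsoft Update control and the Yahoo start page pass. The host list is deliberately short; extend it with the vendors you actually expect on the machine rather than trusting anything that merely looks familiar.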
jtin
Topic Starter
Rookie
Posts: 18
Thanked: 0
OS: Windows XP
Experience: Familiar

« Reply #23 on: November 07, 2009, 05:43:38 AM »

SD,
Not sure if that was supposed to fix IE or not. When I started IE it popped up again. Here are the HJT logs. Thanks.
******************************************************************************
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/14/2004 6:09:05 PM
System Uptime: 11/6/2009 8:36:10 PM (10 hours ago)

Motherboard: Intel Corporation               |  | D915GAG                       
Processor:               Intel(R) Pentium(R) 4 CPU 3.00GHz | J2E1 | 3000/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 186 GiB total, 164.229 GiB free.
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID:
Description: Other PCI Bridge Device
Device ID: PCI\VEN_14F1&DEV_2E20&SUBSYS_200014F1&REV_00\4&23C0B1C&0&08F0
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_14F1&DEV_2E20&SUBSYS_200014F1&REV_00\4&23C0B1C&0&08F0
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\39DD8A111100
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\39DD8A111100
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_4037107B&REV_03\4&23C0B1C&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_4037107B&REV_03\4&23C0B1C&0&40F0
Service: E100B

Class GUID: {4D36E96A-E325-11CE-BFC1-08002BE10318}
Description: Primary IDE Channel
Device ID: PCIIDE\IDECHANNEL\4&13D0732A&0&0
Manufacturer: (Standard IDE ATA/ATAPI controllers)
Name: Primary IDE Channel
PNP Device ID: PCIIDE\IDECHANNEL\4&13D0732A&0&0
Service: atapi

==== System Restore Points ===================

RP1888: 10/30/2009 10:27:16 PM - Removed iS3 STOPzilla Toolbar
RP1889: 10/30/2009 10:29:18 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP1890: 10/30/2009 10:50:08 PM - Installed Java(TM) 6 Update 16
RP1891: 10/30/2009 10:50:47 PM - Installed MSN Toolbar Setup
RP1892: 11/1/2009 11:05:43 PM - Unsigned printer driver hp deskjet 940c installed.
RP1893: 11/2/2009 8:28:41 PM - Avg8 Update
RP1894: 11/3/2009 10:38:31 PM - System Checkpoint
RP1895: 11/4/2009 10:28:03 PM - Software Distribution Service 3.0
RP1896: 11/5/2009 8:26:35 PM - Avg8 Update
RP1897: 11/5/2009 9:10:54 PM - Software Distribution Service 3.0
RP1898: 11/6/2009 10:59:14 PM - System Checkpoint
RP1899: 11/7/2009 4:00:31 AM - Software Distribution Service 3.0

==== Installed Programs ======================

5700_Help
Adobe Reader 7.0.8
Apple Mobile Device Support
Apple Software Update
AVG Free 8.5
BlackBerry Desktop Software 4.6
BPD_HPSU
BPD_Scan
BPDfax
BPDSoftware
BPDSoftware_Ini
BufferChm
CCleaner
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
ESET Online Scanner v3
eSupportQFolder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB970653-v3)
HP Software Update
HPProductAssistant
InstallMgr
Intel(R) Graphics Media Accelerator Driver
Intel(R) Processor ID Utility
iPod for Windows 2005-09-23
iPod for Windows 2006-06-28
iTunes
J5700
Java(TM) 6 Update 16
LightScribe  1.4.136.1
LiveUpdate (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync 4.0
Microsoft Default Manager
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Picture It! Photo Premium 9
Microsoft Search Enhancement Pack
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
MobileMe Control Panel
MSN Toolbar
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
Multimedia Keyboard Driver
Netflix Movie Viewer
NETGEAR WG311v3 PCI Adapter
ProductContext
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Roxio Media Manager
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SolutionCenter
SoundTap
Status
Switch
System Monitor for Windows 98/NT/XP/2000/2003
Toolbox
TrayApp
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
WavePad Uninstall
WebFldrs XP
WebReg
Windows Backup Utility
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Yahoo! Address AutoComplete
Yahoo! Browser Services
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

11/4/2009 5:45:12 PM, error: Service Control Manager [7034]  - The Viewpoint Manager Service service terminated unexpectedly.  It has done this 1 time(s).
11/4/2009 5:45:12 PM, error: Service Control Manager [7034]  - The SeaPort service terminated unexpectedly.  It has done this 1 time(s).
11/4/2009 5:45:12 PM, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).
11/4/2009 5:45:12 PM, error: Service Control Manager [7034]  - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly.  It has done this 1 time(s).
11/4/2009 5:45:12 PM, error: Service Control Manager [7034]  - The Java Quick Starter service terminated unexpectedly.  It has done this 1 time(s).
11/4/2009 5:45:12 PM, error: Service Control Manager [7034]  - The Automatic LiveUpdate Scheduler service terminated unexpectedly.  It has done this 1 time(s).
11/4/2009 5:45:12 PM, error: Service Control Manager [7034]  - The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).
11/4/2009 5:45:12 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/4/2009 5:42:20 PM, error: Service Control Manager [7031]  - The AVG Free8 WatchDog service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
11/2/2009 9:57:16 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
11/2/2009 6:19:04 PM, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\D.
11/1/2009 2:12:09 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  $sys$cor AvgLdx86 AvgMfx86 eeCtrl Fips intelppm
11/1/2009 2:01:50 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  $sys$cor
11/1/2009 2:01:29 PM, error: Service Control Manager [7000]  - The XCP CD Proxy service failed to start due to the following error:  The system cannot find the file specified.
10/31/2009 8:13:08 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  $sys$crater
10/31/2009 8:12:47 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service service to connect.
10/31/2009 8:12:47 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
10/31/2009 8:12:47 AM, error: Service Control Manager [7000]  - The Viewpoint Manager Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
10/31/2009 8:12:47 AM, error: Service Control Manager [7000]  - The Plug and Play Device Manager service failed to start due to the following error:  The system cannot find the file specified.
10/31/2009 8:09:56 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/31/2009 8:09:42 AM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
10/31/2009 8:09:01 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  $sys$crater AFD AvgLdx86 AvgMfx86 AvgTdiX Cdrom eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
10/31/2009 8:09:01 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error:  A device attached to the system is not functioning.
10/31/2009 8:09:01 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/31/2009 8:09:01 AM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/31/2009 8:09:01 AM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
10/31/2009 7:43:20 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================
******************************************************************************
DDS (Ver_09-10-26.01) - NTFSx86 
Run by Owner at  6:35:18.21 on Sat 11/07/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2039.1419 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)   {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Documents and Settings\Owner\Desktop\Vundo\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\dan2.exe" /runcleanupscript
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wg311v3\wlancfg5.exe
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182552982812
DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - hxxp://mediaplayer.walmart.com/installer/install.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab
DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - hxxp://static.topconverting.com/activex/website.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - hxxp://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-25 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-25 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-25 297752]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys --> c:\windows\system32\drivers\$sys$cor.sys [?]
S1 $sys$crater;$sys$crater;\??\c:\windows\system32\$sys$filesystem\crater.sys --> c:\windows\system32\$sys$filesystem\crater.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-11-07 09:00:51   0   d-----w-   C:\6360710c71c9396893fd5a59
2009-11-06 19:52:51   0   d-----w-   c:\program files\ESET
2009-11-04 23:02:39   153088   -c----w-   c:\windows\system32\dllcache\triedit.dll
2009-11-04 23:02:31   128512   -c----w-   c:\windows\system32\dllcache\dhtmled.ocx
2009-11-04 23:02:11   1315328   -c----w-   c:\windows\system32\dllcache\msoe.dll
2009-11-04 22:43:46   0   d-sha-r-   C:\cmdcons
2009-11-04 22:42:51   0   d-----w-   C:\ComboFix
2009-11-04 22:31:25   98816   ----a-w-   c:\windows\sed.exe
2009-11-04 22:31:25   77312   ----a-w-   c:\windows\MBR.exe
2009-11-04 22:31:25   267264   ----a-w-   c:\windows\PEV.exe
2009-11-04 22:31:25   161792   ----a-w-   c:\windows\SWREG.exe
2009-11-02 02:36:58   0   d-----w-   c:\program files\Trend Micro
2009-11-02 02:22:04   0   d-----w-   c:\docume~1\owner\applic~1\Malwarebytes
2009-11-01 21:36:22   0   d-----w-   c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-11-01 19:06:53   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-01 19:06:52   19160   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-11-01 19:06:52   0   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-11-01 19:06:52   0   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-11-01 03:58:10   0   d-----w-   c:\program files\SUPERAntiSpyware
2009-11-01 03:58:10   0   d-----w-   c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2009-11-01 03:57:13   0   d-----w-   c:\program files\common files\Wise Installation Wizard
2009-10-31 03:57:34   0   d-----w-   c:\documents and settings\owner\.SunDownloadManager
2009-10-31 03:52:20   0   d-----w-   c:\program files\Microsoft
2009-10-31 03:34:11   0   d-----w-   c:\program files\CCleaner

==================== Find3M  ====================

2009-10-29 21:41:18   335240   ----a-w-   c:\windows\system32\drivers\avgldx86.sys
2009-10-29 21:41:18   11952   ----a-w-   c:\windows\system32\avgrsstx.dll
2009-09-11 14:18:39   136192   ----a-w-   c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36   58880   ----a-w-   c:\windows\system32\msasn1.dll
2009-08-29 08:08:21   916480   ----a-w-   c:\windows\system32\wininet.dll
2009-08-26 08:00:21   247326   ----a-w-   c:\windows\system32\strmdll.dll
2009-08-18 05:33:52   1193832   ----a-w-   c:\windows\system32\FM20.DLL
2006-03-15 20:19:34   212992   ----a-w-   c:\windows\inf\wg311v3\CopyWHQLDriver.exe
2006-01-26 23:55:10   280576   ----a-w-   c:\windows\inf\wg311v3\WG311v3.sys
2005-10-06 21:17:34   280576   ----a-w-   c:\windows\inf\wg311v3\WG311v3XP.sys
2008-12-30 17:00:22   32768   --sha-w-   c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008123020081231\index.dat

============= FINISH:  6:35:55.18 ===============
« Last Edit: November 09, 2009, 09:30:18 AM by evilfantasy »
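The following is an added example, not part of jtin's post and not code from the DDS or OTL tools. It is a small offline triage script for the two log formats in this thread: the DDS "SERVICES / DRIVERS" and "DPF:" lines above, and the OTL "O16 - DPF:" and "O20 ... GinaDLL" lines posted later. It only reads text (no registry or disk access) and pulls out what a malware-removal helper checks first: drivers whose binary DDS could not find on disk (the "--> path [?]" form) together with their start type, the hosts that served each downloaded ActiveX control, entries whose registration OTL reports as broken ("Reg Error"), and any replacement Winlogon GINA DLL. The sample lines are copied from the logs in this thread; the function and regex names are the example's own.

```python
"""Offline triage of DDS / OTL log lines (added example, not a DDS/OTL feature)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlparse

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# DDS service/driver line:
#   "R1 Name;Display;c:\path\file.sys [2009-5-25 335240]"        (file present)
#   "S0 Name;Display;c:\path\file.sys --> c:\path\file.sys [?]"  (file not found)
DDS_SVC_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$")
# DDS "DPF: {CLSID} - hxxp://host/file.cab"   (DDS defangs http:// as hxxp://)
DDS_DPF_RE = re.compile(r"^DPF:\s+(.+?)\s+-\s+(\S+)$")
# OTL "O16 - DPF: {CLSID} http://host/file.cab (Friendly name | Reg Error: ...)"
OTL_O16_RE = re.compile(r"^O16 - DPF:\s+(.+?)\s+(\S+://\S+)\s+\((.*)\)$")
# OTL "O20 - HKLM Winlogon: GinaDLL - (name.dll) - C:\path\name.dll (Vendor)"
OTL_GINA_RE = re.compile(r"^O20 - HKLM Winlogon: GinaDLL - \((.*?)\) - (.*?) \((.*)\)$")


@dataclass
class Service:
    name: str
    running: bool   # R = running at scan time, S = stopped
    start: str      # boot / system / auto / demand / disabled
    path: str
    missing: bool   # DDS could not find the binary on disk ("--> path [?]")


def parse_dds_service(line: str) -> Optional[Service]:
    m = DDS_SVC_RE.match(line.strip())
    if not m:
        return None
    state, start, name, _display, rest = m.groups()
    rest = rest.strip()
    missing = rest.endswith("[?]")
    # present: "path [date size]"   missing: "path --> path [?]"
    path = rest.split(" --> ")[0] if missing else rest.rsplit(" [", 1)[0]
    return Service(name, state == "R", START_TYPES[start], path, missing)


def parse_dpf(line: str) -> Optional[Tuple[str, str, str]]:
    """(identifier, url, label) for a DDS DPF or OTL O16 line, else None."""
    m = DDS_DPF_RE.match(line)
    if m:
        return m.group(1), m.group(2), ""   # DDS prints no friendly name
    m = OTL_O16_RE.match(line)
    return m.groups() if m else None


def dpf_host(url: str) -> str:
    """Host that served a downloaded ActiveX control; re-fangs hxxp:// first."""
    u = urlparse(re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE))
    return "(local file)" if u.scheme == "file" else (u.hostname or url)


def triage(lines: List[str]) -> Dict[str, object]:
    report = {"missing_drivers": [], "dpf_hosts": {}, "broken_dpf": [], "gina": []}
    for raw in lines:
        line = raw.strip()
        svc = parse_dds_service(line)
        if svc:
            if svc.missing:   # registered driver whose file is gone: look closer
                report["missing_drivers"].append((svc.name, svc.start, svc.path))
            continue
        dpf = parse_dpf(line)
        if dpf:
            ident, url, label = dpf
            report["dpf_hosts"].setdefault(dpf_host(url), []).append(ident)
            if label.startswith("Reg Error"):
                report["broken_dpf"].append(ident)
            continue
        m = OTL_GINA_RE.match(line)
        if m:   # non-default GINA: a third-party DLL handles the XP logon
            report["gina"].append(m.groups())
    return report


# Constructed sample: excerpts of the DDS and OTL logs posted in this thread.
SAMPLE_LINES = [
    r"R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-25 335240]",
    r"R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-25 297752]",
    r"S0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys --> c:\windows\system32\drivers\$sys$cor.sys [?]",
    r"S1 $sys$crater;$sys$crater;\??\c:\windows\system32\$sys$filesystem\crater.sys --> c:\windows\system32\$sys$filesystem\crater.sys [?]",
    r"DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab",
    r"DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab",
    r"DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - hxxp://static.topconverting.com/activex/website.ocx",
    r"DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab",
    r"O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)",
    r"O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} http://static.topconverting.com/activex/website.ocx (Reg Error: Key error.)",
    r"O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)",
    r"O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)",
    r"O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell(R))",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

Run against the excerpts, the script lists the two boot/system-start drivers whose files DDS could not find, groups the downloaded controls by serving host (which makes a single odd host stand out among the Facebook, Java and McAfee entries), lists the controls OTL flagged as "Reg Error", and reports the Marvell GINA DLL. A flagged line is a prompt to look, not a verdict: the GINA here carries a Marvell vendor string and belongs to the wireless card software, so the analyst still has to check each hit.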
SuperDave
Malware Removal Specialist
Specialist

« Reply #24 on: November 08, 2009, 01:02:57 PM »

Hello jtin. Could you please do this for me:

Delete An Uninstall Entry

•Start HijackThis

•Click on the Open the Misc Tools section

•Click on the Open Uninstall Manager button.

•Highlight the entry you want to remove. (See Quote box below)

Quote
LiveUpdate (Symantec Corporation)

•Click Delete this entry

Download Disable/Remove Windows Messenger to the desktop to remove Windows Messenger.

Do not confuse Windows Messenger with MSN Messenger because they are not the same. Windows Messenger is a frequent cause of popups.

Unzip the file on the desktop. Open the MessengerDisable.exe and choose the bottom box - Uninstall Windows Messenger and click Apply.

Exit out of MessengerDisable then delete the two files that were put on the desktop.

* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
* Now type Combofix /u in the runbox
* Make sure there's a space between Combofix and /u
* Then hit Enter

* The above procedure will:
* Delete the following:
* ComboFix and its associated files and folders.
* Reset the clock settings.
* Hide file extensions, if required.
* Hide System/Hidden files, if required.
* Set a new, clean Restore Point.

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Please let me know how your computer is doing.

AMD Athlon XP 1900+ 1.47 GHz  2 GB Ram Windows XP  Home with SP3, MicroSoft Security Essentials, Spybot S&D. SuperAntiSpyware  and Threatfire with ZoneAlarm Firewall & Windows Defender
jtin
Topic Starter
Rookie

« Reply #25 on: November 08, 2009, 05:49:01 PM »

SD,
     Besides the search provider fault it is running great. I still get popups every once in a while that say I am infected and I need to get their scanner. When I "x" out of it, it goes to their site anyway and starts a scan. Then I "x" out of IE. Not sure if I'm stopping it or what. It is running much faster. Thanks a lot!
evilfantasy
Malware Removal Specialist
Genius

« Reply #26 on: November 09, 2009, 09:31:50 AM »

Please stop adding all of the ******* symbols. It's messing with the text output and makes the replies hard to read. Thanks.


Download OTL to your desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* When the window appears, underneath Output at the top change it to Minimal Output.
* Check the boxes beside LOP Check and Purity Check.
* Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy and paste the contents of these files, one at a time, into your next reply.

Note: You may need two or more posts to fit them all in.
jtin
Topic Starter
Rookie

« Reply #27 on: November 11, 2009, 06:59:18 AM »

Evil,
     Sorry, won't happen again. Thanks
OTL logfile created on: 11/11/2009 7:46:27 AM - Run 1
OTL by OldTimer - Version 3.1.5.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 76.40% Memory free
2.58 Gb Paging File | 2.28 Gb Available in Paging File | 88.33% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 186.31 Gb Total Space | 165.10 Gb Free Space | 88.61% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: THUNDERMOMSTOY
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (FontCache3.0.0.0) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (idsvc) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (aspnet_state) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (RoxLiveShare9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (helpsvc) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (Roxio UPnP Renderer 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe (Sonic Solutions)
SRV - (Roxio Upnp Server 9) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe (Sonic Solutions)
SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (usb_rndisx) -- C:\WINDOWS\system32\drivers\usb8023x.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (TVICHW32) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS (EnTech Taiwan)
DRV - (RimUsb) -- C:\WINDOWS\system32\drivers\RimUsb.sys (Research In Motion Limited)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (RimVSerPort) -- C:\WINDOWS\system32\drivers\RimSerial.sys (Research in Motion Ltd)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (W8335XP) -- C:\WINDOWS\system32\drivers\WG311v3XP.sys (Marvell Semiconductor, Inc)
DRV - (USBMN1X1) -- C:\WINDOWS\system32\drivers\usbmn1x1.sys (Doug Fetter Software Wizardry)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (SunkFilt39) -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys (Alcor Micro Corp.)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (E100B) -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ROOTMODEM) -- C:\WINDOWS\system32\drivers\rootmdm.sys (Microsoft Corporation)
DRV - (USB11LDR) -- C:\WINDOWS\system32\drivers\usb11ldr.sys (MIDIMAN)
DRV - (MxlW2k) -- C:\WINDOWS\system32\drivers\MxlW2k.sys (MusicMatch, Inc.)
DRV - (ENUM1394) -- C:\WINDOWS\system32\drivers\enum1394.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/ymsgr6/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/12/29 23:23:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/07 11:57:42 | 00,000,000 | ---D | M]
 
 
O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\dan2.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\StartUp\NETGEAR WG311v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Windows &Live Favorites -  File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182552982812 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.walmart.com/installer/install.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go.com/global/download/otoy/OTOYAX29b.cab (Groove Control)
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} http://static.topconverting.com/activex/website.ocx (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai.net/7/19/7125/4058/ftp.coupons.com/r3302/Coupons.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} http://www.symantec.com/techsupp/asa/SymAData.cab (Reg Error: Value error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (MrvGINA.dll) - C:\WINDOWS\System32\MrvGINA.dll (Marvell(R))
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://www.christianlinks.com/forums/images/avatars/8.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/02/15 11:59:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a1556958-3c53-11de-aff6-001e2ac97b11}\Shell\AutoRun\command - "" = F:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) -  File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) -  File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2009/11/11 07:44:28 | 00,529,408 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/11 07:40:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/11/08 18:43:01 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2009/11/08 18:39:54 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/07 09:59:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Recordings
[2009/11/06 13:52:51 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/11/04 21:41:52 | 25,198,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/11/04 17:02:39 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/11/04 17:02:31 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/11/04 17:02:11 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/11/04 16:50:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/04 16:43:46 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/04 16:31:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/01 20:36:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/01 20:22:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/11/01 15:36:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/01 13:06:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/01 13:06:52 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/01 13:06:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/01 13:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/31 21:58:10 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/10/31 21:58:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/10/31 21:57:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/10/30 21:57:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\.SunDownloadManager
[2009/10/30 21:52:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/10/30 21:50:39 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/30 21:50:39 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/30 21:50:39 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/30 21:34:11 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/30 21:27:21 | 00,000,000 | ---D | C] -- C:\Config.Msi
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2009/11/11 07:44:28 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/11/11 07:41:55 | 00,512,784 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/11 07:41:55 | 00,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/11 07:41:55 | 00,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/11 07:39:50 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/11 07:37:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/11 07:37:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/11 07:37:12 | 21,378,33472 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/10 23:02:30 | 09,175,040 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/11/10 23:02:30 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/11/10 23:02:24 | 02,252,552 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/11/10 17:54:54 | 44,931,853 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/11/10 17:54:54 | 00,088,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/11/08 08:03:53 | 04,353,099 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\02 Still Standing.mp3
[2009/11/08 07:55:36 | 05,276,483 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\None Like You -Javen-.mp3
[2009/11/07 10:53:54 | 00,352,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/07 09:59:28 | 00,100,088 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/07 08:10:50 | 00,001,490 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spider Solitaire.lnk
[2009/11/07 02:23:00 | 00,000,378 | ---- | M] () -- C:\WINDOWS\tasks\Argente - Registry Cleaner.job
[2009/11/04 21:33:31 | 00,000,747 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/04 16:53:25 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/04 16:53:10 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/04 16:43:52 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/04 15:56:26 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/11/01 07:47:42 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\vupipifi
[2009/10/29 15:41:50 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/10/29 15:41:18 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/10/29 15:41:18 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/10/29 15:41:18 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/10/22 03:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/10/22 03:19:04 | 05,939,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2009/11/08 08:03:38 | 04,353,099 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\02 Still Standing.mp3
[2009/11/08 07:55:24 | 05,276,483 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\None Like You -Javen-.mp3
[2009/11/07 11:19:13 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/11/04 16:43:52 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/04 16:43:50 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/01 13:14:10 | 21,378,33472 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/25 13:19:17 | 02,252,552 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/05/25 12:08:46 | 00,007,220 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2009/05/25 11:50:59 | 00,000,094 | ---- | C] () -- C:\WINDOWS\family.ini
[2008/05/27 18:51:22 | 00,034,308 | ---- | C] () -- C:\WINDOWS\System32\Chip.dll
[2007/10/17 15:22:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/09/13 19:55:54 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/08/20 18:52:23 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc
[2007/05/24 14:49:23 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/05/24 14:46:07 | 00,001,776 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/05/23 16:03:28 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/05/23 16:01:56 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/05/21 19:21:39 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/11/02 14:01:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/07/30 23:59:36 | 00,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini
[2006/07/24 08:21:42 | 00,000,035 | ---- | C] () -- C:\WINDOWS\System32\u64sc3pl.ini
[2006/07/22 00:58:17 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2006/07/22 00:58:14 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/28 19:01:56 | 00,001,380 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/11/23 16:29:57 | 00,000,045 | ---- | C] () -- C:\WINDOWS\HKCLFNKL.ini
[2005/11/11 21:10:04 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/11 13:26:17 | 00,001,130 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2005/08/11 08:18:10 | 00,003,127 | ---- | C] () -- C:\WINDOWS\ACROREAD.INI
[2005/08/11 08:17:31 | 00,000,224 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/08/04 18:41:15 | 00,000,045 | ---- | C] () -- C:\WINDOWS\HKCLFNK.ini
[2005/05/31 14:21:03 | 00,000,520 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2005/04/25 18:19:06 | 00,000,080 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/03/04 17:44:04 | 00,100,088 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2005/01/08 22:05:18 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/10 18:21:18 | 00,074,240 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/10/18 16:00:07 | 00,001,986 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/10/14 12:57:55 | 00,000,092 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2004/09/20 23:09:14 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/07/30 07:26:26 | 00,000,134 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/20 09:06:44 | 00,156,160 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2003/02/26 14:47:14 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2002/09/29 05:24:22 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/09/29 05:23:16 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/09/29 05:23:14 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/09/29 05:23:07 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/02/15 13:53:55 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/02/15 12:05:15 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2002/02/15 12:05:15 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2002/02/15 12:02:32 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2002/02/15 12:01:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2002/02/15 10:51:26 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/02/15 10:51:26 | 00,000,529 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2002/02/15 10:51:16 | 00,000,747 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/02/15 10:51:14 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2002/02/15 03:54:46 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2002/01/08 18:03:10 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MiniBrowser.dll
[1999/01/27 12:39:06 | 00,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1998/08/16 04:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1997/06/13 06:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
 
========== LOP Check ==========
 
[2008/05/03 11:52:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2009/06/29 12:31:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2007/05/23 16:04:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/12/05 00:42:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/07/11 11:35:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2007/09/25 12:04:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2005/01/08 21:58:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/03/20 19:24:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2004/11/12 11:03:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2008/07/10 00:50:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/09/01 12:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/30 21:30:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/02/20 13:34:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/01/03 14:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/05/03 11:53:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acoustica
[2009/05/25 19:14:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
[2006/07/22 01:18:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BellSouth
[2006/08/11 05:30:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Camfrog
[2008/02/11 12:09:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Flickr
[2005/05/31 09:18:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Free Download Manager
[2009/05/25 11:50:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\HotSync
[2005/05/31 00:17:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICQ
[2006/11/02 13:26:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2005/03/18 08:02:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mtph
[2009/05/07 09:03:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MxBoost
[2008/03/20 19:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
[2008/07/10 00:51:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ParetoLogic
[2008/09/01 11:41:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2009/01/21 21:28:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2006/11/07 15:55:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\School Zone Preferences
[2006/01/27 13:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2004/10/25 09:07:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/11/07 02:23:00 | 00,000,378 | ---- | M] () -- C:\WINDOWS\Tasks\Argente - Registry Cleaner.job
[2003/03/31 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/11 07:37:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
< End of report >
evilfantasy
Malware Removal Specialist
« Reply #28 on: November 11, 2009, 02:08:58 PM »

* Open OTL
* Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

Code:
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:Files
C:\Documents and Settings\Owner\Application Data\ParetoLogic

:COMMANDS
[resethosts]
[purity]
[clearrestorepoints]
[emptytemp]
[start explorer]

* Click Run Fix
* OTLI2 may ask to reboot the machine. Please do so if asked.
* Click OK
* A report will open. Copy and Paste that report in your next reply.
jtin
Topic Starter
« Reply #29 on: November 11, 2009, 03:49:30 PM »

Evil,
    I am still getting a search provider default and every once in a while my IE pops up an AV ad and when I "x" out it goes there anyway and starts a scan.  It hasn't happened in a couple days but I have been working a lot so I haven't been on as much.  Also my wife tried to turn on the computer yesterday and it took fours to get it to come on. It hasn't done that since SD figured out a way to get through the preliminary scans.  Again thank you sooo much for your time.

All processes killed
========== OTL ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\Documents and Settings\Owner\Application Data\ParetoLogic\Privacy Controls folder moved successfully.
C:\Documents and Settings\Owner\Application Data\ParetoLogic folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[clearrestorepoints]> in the current context!
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Owner
->Temp folder emptied: 2628583 bytes
->Temporary Internet Files folder emptied: 304114398 bytes
->Java cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 61113 bytes
%systemroot%\System32 .tmp files removed: 15472645 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23949828 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2626565 bytes
 
Total Files Cleaned = 332.87 mb
 
 
OTL by OldTimer - Version 3.1.5.0 log created on 11112009_163726

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Copyright 1998-2010 by Computer Hope (tm). All rights reserved