need help

DogDragon Jacksonville, Fl Icrontian
edited February 2010 in Spyware & Virus Removal
The computer was scanned with spy-bot and AVG and housecall.
Here's the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 3:36:43 AM, on 12/27/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Kodak\AiO\center\KodakSvc.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\Advanced Registry Doctor\RegManServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellconnect.com/
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - F:\TextAloud\TAForIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Handy Folders - {D8168918-45A1-4514-A2DB-2263A6C58D44} - C:\PROGRA~1\HANDYF~1\folders.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\pc tools\lsp\pctlsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261759385109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261759369671
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\center\KodakSvc.exe
O23 - Service: PC Tools AntiVirus Engine (PCTAVSvc) - PC Tools Research Pty Ltd - C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
O23 - Service: RGService - Unknown owner - F:\RadioGet\RGService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

Comments

  • DogDragon Jacksonville, Fl Icrontian
    edited December 2009
    If you need I what kinda pc it is I change her web pages she looking and then it will
    freeze and kick her offline. That's what I know about. Need something let me know and I'll get the info.
    Thanks
  • edited December 2009
    Hey there. :)

    A few things before we start....
    1. Please Read All Instructions Carefully.
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you.
    4. If you have to go away for an extended period of time, let me know.
    5. Please continue to respond until I give you the "All Clear".
    (Just because you can't see a problem doesn't mean it isn't there)

    ===============

    Please download Malwarebytes' Anti-Malware by clicking the link below:
    http://www.besttechie.net/tools/mbam-setup.exe

    Double Click mbam-setup.exe to install the application.

    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * You'll be required to post the contents of this log later.

    Please Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



    Next let's have you download ComboFix.exe. Please visit this webpage for downloading and instructions for running the tool:

    Go here ======> A guide and tutorial on using ComboFix <====== Go here

    Please ensure you read this guide carefully and install the Recovery Console first. This applies to XP Pro and XP Home users only. If you have SP3 installed you will need to use the download meant for SP2.

    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

    Once installed, you should get a prompt that says:

    The Recovery Console was successfully installed.

    Please continue as follows:

    (1) Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    (2) Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.


    Please include the MBAM log and C:\ComboFix.txt for further review, so that we may continue cleansing the system.


    Caution: Never run and remove files with Combofix unless supervised by a qualified security analyst who is experienced in the use of Combofix. Misuse can cause serious computer problems.
  • edited December 2009
    MBAM Log

    Malwarebytes' Anti-Malware 1.42
    Database version: 3449
    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13
    12/29/2009 10:35:07 AM
    mbam-log-2009-12-29 (10-35-07).txt
    Scan type: Quick Scan
    Objects scanned: 119239
    Time elapsed: 29 minute(s), 34 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 1
    Files Infected: 3
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\expertenhancer (Adware.BrowsingEnhancer) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ExpertEnhancer (Adware.ExpertEnhancer) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    Folders Infected:
    C:\Program Files\ExpertEnhancer (Adware.BrowsingEnhancer) -> Quarantined and deleted successfully.
    Files Infected:
    C:\Program Files\ExpertEnhancer\ExpertEnhancer.dat (Adware.BrowsingEnhancer) -> Quarantined and deleted successfully.
    C:\Program Files\ExpertEnhancer\pcre3.dll (Adware.BrowsingEnhancer) -> Quarantined and deleted successfully.
    C:\Program Files\ExpertEnhancer\uninstall.exe (Adware.BrowsingEnhancer) -> Quarantined and deleted successfully.

    ComboFix Log

    ComboFix 09-12-28.06 - Owner 12/29/2009 10:52:55.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.149 [GMT -5:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: PC Tools AntiVirus 6.1.0.25 *On-access scanning enabled* (Updated) {832E7172-E406-4bb2-8B19-6D29F2C93A98}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\documents and settings\Owner\Application Data\inst.exe
    .
    ((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-29 )))))))))))))))))))))))))))))))
    .
    2009-12-29 07:08 . 2009-12-29 07:08 -------- d-----w- c:\documents and settings\Owner\Application Data\DivX
    2009-12-27 07:51 . 2009-12-27 08:06 -------- d-----w- c:\windows\system32\CatRoot_bak
    2009-12-27 07:39 . 2009-11-14 00:49 129784 ------w- c:\windows\system32\pxafs.dll
    2009-12-27 07:39 . 2009-11-14 00:49 120056 ------w- c:\windows\system32\pxcpyi64.exe
    2009-12-27 07:39 . 2009-11-14 00:49 118520 ------w- c:\windows\system32\pxinsi64.exe
    2009-12-27 07:38 . 2009-12-27 07:38 -------- d-----w- c:\program files\Common Files\DivX Shared
    2009-12-27 07:38 . 2009-12-27 07:39 -------- d-----w- c:\program files\DivX
    2009-12-22 20:35 . 2009-12-22 20:38 -------- d-----w- C:\Family Guy - Something,Something,Something,Darkside
    2009-12-22 20:34 . 2009-12-23 03:20 -------- d-----w- C:\All About Steave
    2009-12-22 20:34 . 2009-12-23 01:17 -------- d-----w- C:\Inglourious Basterds
    2009-12-22 20:33 . 2009-12-22 22:58 -------- d-----w- C:\500 Days Of Summer
    2009-12-22 20:33 . 2009-12-23 04:34 -------- d-----w- C:\Staten Island
    2009-12-22 14:15 . 2009-11-30 23:02 916248 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcfgx.dll
    2009-12-18 14:13 . 2009-12-18 14:13 294656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglngx.dll
    2009-12-16 00:26 . 2009-12-16 08:03 -------- d-----w- C:\G-Force
    2009-12-16 00:25 . 2009-12-16 00:27 -------- d-----w- C:\The Other Man
    2009-12-13 19:12 . 2009-12-13 19:12 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-12-13 19:12 . 2009-12-13 19:11 4043032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2009-12-13 19:12 . 2009-11-30 23:02 1264408 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2009-12-13 19:12 . 2009-11-30 23:02 2020120 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    2009-12-13 19:12 . 2009-12-13 19:11 3776280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
    2009-12-13 19:12 . 2009-11-30 23:02 600344 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgnsx.exe
    2009-12-13 19:12 . 2009-11-30 23:02 1475864 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
    2009-12-13 19:12 . 2009-11-30 23:02 1082648 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgxpl.dll
    2009-12-13 19:12 . 2009-11-30 23:02 1074456 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcmgr.exe
    2009-12-13 19:11 . 2009-11-30 23:02 562456 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
    2009-12-13 19:11 . 2009-11-30 23:02 1494088 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
    2009-12-13 19:11 . 2009-11-30 23:02 744728 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgscanx.exe
    2009-12-13 19:11 . 2009-11-30 23:02 361752 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmax.exe
    2009-12-13 19:11 . 2009-12-13 19:11 2352920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgresf.dll
    2009-12-13 19:11 . 2009-11-30 23:02 1946392 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgapix.dll
    2009-12-13 19:11 . 2009-11-30 23:02 615704 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcertx.dll
    2009-12-13 19:11 . 2009-11-30 23:02 502040 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsx.exe
    2009-12-13 19:10 . 2009-11-30 23:02 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
    2009-12-12 21:21 . 2009-12-12 21:21 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
    2009-12-11 22:21 . 2009-12-11 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
    2009-12-11 00:44 . 2009-12-11 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-12-08 13:33 . 2009-12-08 13:33 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
    2009-12-08 13:31 . 2009-08-24 19:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2009-12-08 13:31 . 2009-08-19 16:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2009-12-08 13:31 . 2009-12-08 13:31 -------- d-----w- c:\program files\Common Files\PC Tools
    2009-12-08 13:31 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVRec.sys
    2009-12-08 13:31 . 2009-02-10 15:13 28560 ----a-w- c:\windows\system32\drivers\AVHook.sys
    2009-12-08 13:31 . 2009-02-10 15:13 21904 ----a-w- c:\windows\system32\drivers\AVFilter.sys
    2009-12-08 13:30 . 2009-12-11 22:21 -------- d-----w- c:\program files\PC Tools AntiVirus
    2009-12-08 13:30 . 2009-12-11 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    2009-12-01 17:12 . 2009-12-13 19:11 3967256 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2009-12-01 17:12 . 2009-11-30 23:02 497944 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
    2009-12-01 17:09 . 2009-12-12 21:21 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
    2009-12-01 17:09 . 2009-12-12 21:21 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    2009-11-30 23:08 . 2009-10-16 17:12 1119488 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
    2009-11-30 23:03 . 2009-11-30 23:07 -------- d-----w- C:\$AVG
    2009-11-30 23:03 . 2009-11-30 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-11-30 23:02 . 2009-11-30 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-12-29 14:47 . 2008-10-09 01:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-12-29 07:08 . 2008-08-03 23:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-12-23 05:27 . 2008-05-01 14:48 -------- d-----w- c:\documents and settings\Owner\Application Data\Vso
    2009-12-23 04:34 . 2008-03-12 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2009-12-21 19:13 . 2008-07-20 04:44 -------- d-----w- c:\program files\Google
    2009-12-21 13:52 . 2008-05-12 03:16 -------- d-----w- c:\program files\PcBugDoctor
    2009-12-20 16:38 . 2009-10-18 15:29 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2009-12-20 16:38 . 2009-10-18 15:29 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2009-12-20 16:38 . 2009-10-18 15:29 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2009-12-20 16:38 . 2009-10-18 15:29 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
    2009-12-20 16:38 . 2009-10-18 15:29 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2009-12-20 16:38 . 2009-10-18 15:29 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
    2009-12-20 16:34 . 2009-10-28 15:31 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
    2009-12-20 16:33 . 2009-10-18 15:29 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2009-12-20 16:33 . 2009-10-18 15:29 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2009-12-20 16:33 . 2009-10-18 15:29 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2009-12-20 16:33 . 2009-10-18 15:29 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2009-12-20 16:33 . 2009-10-18 15:29 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2009-12-20 16:33 . 2009-10-18 15:29 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2009-12-20 06:10 . 2008-03-20 23:06 -------- d-----w- c:\program files\Winamp
    2009-12-20 02:43 . 2008-03-09 23:49 -------- d-----w- c:\program files\Kjpro
    2009-12-15 14:05 . 2009-01-10 20:44 -------- d-----w- c:\program files\Advanced Registry Doctor
    2009-12-15 03:27 . 2008-03-13 06:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-12-11 22:21 . 2008-07-07 02:05 -------- d-----w- c:\program files\XoftSpy
    2009-12-08 15:09 . 2008-12-26 04:25 -------- d-----w- c:\program files\BeeThink SpyDetector_2.0
    2009-12-07 09:43 . 2009-08-20 18:43 -------- d-----w- c:\program files\Findbasic
    2009-12-05 00:13 . 2008-03-08 03:49 -------- d-----w- c:\program files\Paltalk Messenger
    2009-12-03 21:14 . 2008-10-09 01:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-03 21:13 . 2008-10-09 01:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-30 23:03 . 2009-05-20 03:03 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2009-11-30 23:03 . 2009-05-20 03:03 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2009-11-30 23:03 . 2009-05-20 02:41 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2009-11-30 23:03 . 2009-05-20 03:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2009-11-30 23:02 . 2009-04-04 13:24 -------- d-----w- c:\program files\AVG
    2009-11-24 00:11 . 2008-03-13 07:57 -------- d-----w- c:\program files\Java
    2009-11-24 00:10 . 2009-11-24 00:10 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2009-11-24 00:10 . 2009-11-24 00:10 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2009-11-23 06:33 . 2008-12-05 06:11 -------- d-----w- c:\program files\project dogwaffle
    2009-11-23 04:47 . 2008-03-12 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-11-22 16:30 . 2009-10-18 15:29 163728 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2009-11-22 16:30 . 2009-10-18 15:29 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2009-11-22 16:30 . 2009-10-18 15:29 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2009-11-22 16:30 . 2009-10-18 15:29 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2009-11-21 02:23 . 2009-09-25 19:45 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2009-11-16 07:55 . 2008-05-16 05:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
    2009-11-16 07:55 . 2008-05-16 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-11-16 07:55 . 2008-03-12 03:08 -------- d-----w- c:\program files\Yahoo!
    2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
    2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
    2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
    2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
    2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
    2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
    2009-11-10 19:39 . 2009-11-16 07:54 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
    2009-11-08 05:54 . 2009-04-21 02:43 16 ----a-w- c:\windows\popcinfo.dat
    2009-11-08 01:12 . 2008-03-13 08:10 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
    2009-10-28 15:31 . 2009-10-28 15:31 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2009-10-28 15:31 . 2009-10-28 15:31 93360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
    2009-10-28 15:31 . 2009-10-28 15:31 554280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
    2009-10-28 15:31 . 2009-10-28 15:31 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2009-10-28 15:31 . 2009-10-28 15:31 212480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
    2009-10-28 15:31 . 2009-10-28 15:31 283944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Vipre.dll
    2009-10-28 15:31 . 2009-10-28 15:31 1223976 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
    2009-10-28 15:31 . 2009-10-28 15:31 242984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
    2009-10-15 01:40 . 2009-10-15 15:50 54776 ----a-w- c:\documents and settings\All Users\Application Data\Findbasic\findbasic127.exe
    2009-10-11 09:17 . 2008-10-30 05:50 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-10-03 08:15 . 2009-10-18 15:28 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
    2008-02-01 03:18 . 2008-04-10 17:29 6613816 ----a-w- c:\program files\DRWSetup.exe
    2006-04-28 21:18 . 2008-03-26 02:01 4757680 ----a-w- c:\program files\PtdSetup.exe
    2006-04-24 21:55 . 2008-03-26 02:01 2031616 ----a-w- c:\program files\Ptd.iso
    2008-03-12 04:23 . 2008-03-12 03:15 24 -csh--w- c:\windows\SBAB60628.tmp
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 18:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-31 50528]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-10-02 155648]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-02 118784]
    "UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112]
    "AHQInit"="c:\program files\Creative\SBLive\Program\AHQInit.exe" [2001-05-10 102400]
    "AudioHQ"="c:\program files\Creative\SBLive\AudioHQ\AHQTB.EXE" [2000-05-11 205312]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
    "Conime"="c:\windows\system32\conime.exe" [2004-08-04 27648]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-04-07 1511424]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2008-3-11 376832]
    c:\documents and settings\Default User\Start Menu\Programs\Startup\
    CamTrack.lnk - c:\program files\DigitalPeers\CamTrack\camtrack.exe [2008-3-11 376832]
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2003-08-26 49152]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-11-30 23:03 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
    2008-03-08 02:19 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCTAVSvc]
    @=""
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PalTalk.lnk]
    backup=c:\windows\pss\PalTalk.lnkCommon Startup
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PalTalk.lnk
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photags AutoDetect.lnk]
    backup=c:\windows\pss\Photags AutoDetect.lnkCommon Startup
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^AOL Desktop.lnk]
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^CamTrack.lnk]
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
    backup=c:\windows\pss\iWin Desktop Alerts.lnkStartup
    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Owner\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared]
    2008-07-31 18:46 2131600 ----a-w- c:\program files\a-squared Anti-Malware\a2guard.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
    2008-03-29 19:05 684032 ----a-w- c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 09:45 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AHQInit]
    2001-05-10 16:49 102400 ----a-w- c:\program files\Creative\SBLive\Program\AHQInit.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
    2007-10-31 17:46 50528 ----a-w- c:\program files\AOL 9.1\aol.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
    2000-05-11 06:00 205312 ----a-w- c:\program files\Creative\SBLive\AudioHQ\ahqtb.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
    2009-12-13 19:11 2033432 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bookmark]
    2008-10-27 01:27 2620416 ----a-w- c:\program files\Desksware\Power Favorites\Bookmark.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaptureIt]
    2008-10-29 15:42 1855488 ----a-w- c:\program files\CaptureIt\Captureit.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    2006-09-28 19:21 57344 ----a-w- c:\program files\SlySoft\CloneCD\CloneCDTray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 07:56 15360 ------w- c:\windows\system32\ctfmon.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser RiskMonitor]
    2008-03-22 20:43 18536 ----a-w- c:\program files\East-Tec Eraser 2008\Launch.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-08-26 23:33 133104 ----atw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Handy Folders]
    2009-07-27 21:58 2035712 ----a-w- c:\program files\Handy Folders\hf_tray.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
    2007-10-08 21:50 41824 ----a-w- c:\program files\Common Files\AOL\1205453449\ee\aolsoftware.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantAccess]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2009-11-10 20:39 5244216 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
    2008-04-17 23:27 9117696 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    2003-05-08 19:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    2009-07-08 09:53 4045496 ----a-w- c:\program files\Pando Networks\Pando\pando.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
    2009-04-16 16:27 1505168 ----a-w- c:\program files\PC Tools AntiVirus\PCTAV.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
    1998-07-03 20:51 25088 ------w- c:\program files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2007-06-29 10:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    2008-03-08 02:37 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegisterDropHandler]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SES]
    2008-10-21 04:35 153088 ----a-w- c:\program files\ArzooSoft Solutions\Secure Evidence Scrubber\SES.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-10-14 22:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
    2008-09-16 17:16 1833296 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    2004-02-25 15:48 665088 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2007-12-14 11:42 144784 ----a-w- c:\program files\Java\jre1.6.0_04\bin\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-06-06 05:40 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TidyFavorites]
    2009-04-18 00:08 2801664 ----a-w- g:\tidy favorites\TidyFavorites.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Typing Assistant (English)]
    2008-12-18 18:07 1593344 ----a-w- F:\Typing Assistant (English).exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
    2008-01-27 05:38 316728 ------w- c:\program files\BillP Studios\WinPatrol\WinPatrol.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZortamMp3MediaStudio]
    2008-08-07 10:58 2834432 ----a-w- c:\program files\Zortam Mp3 Media Studio\zmmspro.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "gusvc"=3 (0x3)
    "AOL TopSpeedMonitor"=2 (0x2)
    "aawservice"=2 (0x2)
    "a2AntiMalware"=2 (0x2)
    "nmservice"=2 (0x2)
    "LightScribeService"=2 (0x2)
    "iWinTrusted"=2 (0x2)
    "WMPNetworkSvc"=3 (0x3)
    "usnjsvc"=3 (0x3)
    "roclient"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "AOL ACS"=2 (0x2)
    "Findbasic Service"=2 (0x2)
    "Bonjour Service"=2 (0x2)
    "Lavasoft Ad-Aware Service"=2 (0x2)
    "ClipSrv"=3 (0x3)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
    "c:\\Myriad5-Pro\\mirc.exe"=
    "c:\\Program Files\\ICQ6.5\\ICQ.exe"=
    "g:\\Tidy Favorites\\TidyFavorites.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service
    "9322:TCP"= 9322:TCP:EKDiscovery
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [4/3/2009 5:17 PM 26624]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/18/2009 10:30 AM 64288]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [12/8/2009 8:31 AM 206256]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/19/2009 10:03 PM 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/19/2009 10:03 PM 360584]
    R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [3/28/2008 12:23 PM 95592]
    R3 NFilter;NFilter Miniport;c:\windows\system32\drivers\nfilter.sys [12/25/2008 11:25 PM 17408]
    S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/28/2008 12:24 PM 721904]
    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\documents and settings\Owner\Local Settings\Temp\{88EC2455-7C89-4A3B-A1B2-EE73420D7189}\fsgk.sys --> c:\documents and settings\Owner\Local Settings\Temp\{88EC2455-7C89-4A3B-A1B2-EE73420D7189}\fsgk.sys [?]
    S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
    S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [10/1/2009 4:15 PM 23096]
    --- Other Services/Drivers In Memory ---
    *Deregistered* - mchInjDrv
    .
    Supplementary Scan
    .
    uSearchMigratedDefaultURL = hxxp://search.aol.com/aolcom/search?query={searchTerms}&invocationType=msie70a
    uStart Page = www.comcast.net
    mStart Page = www.comcast.net
    uInternet Connection Wizard,ShellNext = hxxp://www.dellconnect.com/
    LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    .
    - - - - ORPHANS REMOVED - - - -
    MSConfigStartUp-AnyDVD - f:\anydvd\AnyDVD.exe
    MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
    MSConfigStartUp-DealAssistant - c:\documents and settings\Owner\Application Data\DealAssistant\DealAssistant.exe
    MSConfigStartUp-nmctxth - c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    AddRemove-HijackThis - c:\documents and settings\Owner\Local Settings\temp\HijackThis.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-12-29 11:21
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    LOCKED REGISTRY KEYS
    [HKEY_USERS\S-1-5-21-1659004503-1425521274-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{F9CF9CF5-0203-F47E-2C09-64153B1D7B62}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "naofaigakbffjbndbpllcopkdejn"=hex:6a,61,6c,69,63,6f,61,6a,6c,69,62,6e,68,68,
    67,67,68,69,6d,6d,00,07
    "mamfghkbbccocndkagjmoanpio"=hex:69,61,6b,69,64,62,65,6e,6b,70,68,6d,6b,6d,69,
    69,61,6c,00,ff
    "hakgmdgadoijbdom"=hex:61,62,70,6c,6f,6b,6d,68,66,62,64,6f,6d,63,70,6f,70,6b,
    66,67,6a,64,70,64,69,6c,69,6a,6a,67,61,6b,63,6e,00,7c
    "hakgmdgaacbempll"=hex:6f,61,69,69,65,6e,68,67,6f,70,6c,69,61,68,69,68,66,6a,
    66,67,65,69,6d,6e,6f,67,6d,6a,64,63,00,6b
    .
    DLLs Loaded Under Running Processes
    - - - - - - - > 'winlogon.exe'(956)
    c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll
    c:\program files\PC Tools AntiVirus\PCTAVHook.dll
    - - - - - - - > 'lsass.exe'(1012)
    c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
    c:\program files\PC Tools AntiVirus\PCTAVHook.dll
    .
    Completion time: 2009-12-29 11:32:04
    ComboFix-quarantined-files.txt 2009-12-29 16:31
    ComboFix2.txt 2009-08-25 23:36
    Pre-Run: 85,079,674,880 bytes free
    Post-Run: 85,057,814,528 bytes free
    - - End Of File - - 1251DB7FFE00DADA1C8A410CC236AB1C
  • edited December 2009
    I notice you are running two anti-virus programs:
    AVG Anti-Virus Free
    PC Tools AntiVirus 6.1.0.25


    Running two AV programs simultaneously may cause conflicts; hence it is highly recommended that you uninstall one. Your choice which to remove.

    How's your PC running at this point in time?
  • edited December 2009
    It seems to load a bit quicker but I am still getting - Windows Explorer Has Encountered A Problem error when I right click on a folder and has to shut down...It wipes out all my desktop icons and taskbar to a blue screen after a couple minutes the desktop will load back up but not all the taskbar....It doesn't give me an error number to post but it does say ModName: Kernel32.dll if that helps you any....Sometimes it doesn't load back up and I have to shut down manually...This has been doing this for about a month now and driving me absolutely batty....
  • edited January 2010
    OK....let's have you go HERE to run Panda ActiveScan 2.0
    • Click the big green Scan now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • Once the scan is completed, please hit the notepad icon next to the text Export to:
    • Save it to a convenient location such as your Desktop
    • Post the contents of the ActiveScan.txt in your next reply.
  • edited January 2010
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2010-01-05 18:20:47
    PROTECTIONS: 1
    MALWARE: 24
    SUSPECTS: 3
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG Anti-Virus Free 9.0 No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00020386 Application/MotherboardMonitor.A HackTools No 0 Yes No c:\documents and settings\owner\desktop\most used program icons\program icons\programs from giveaway of the day2\programs to install\myriad_strandedirc.zip[myriad/myriad.dll]
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@atdmt[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@ad.yieldmanager[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@advertising[2].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\documents and settings\owner\cookies\owner@ads.pointroll[1].txt
    00246224 Adware/Comet Adware No 0 Yes No c:\program files\acoustica cd label maker\fileutil.dll
    00331070 Application/MotherboardMonitor.A HackTools No 0 Yes No c:\myriad\myriad.dll
    00331070 Application/MotherboardMonitor.A HackTools No 0 Yes No f:\myriad\myriad.dll
    00331070 Application/MotherboardMonitor.A HackTools No 0 No No c:\temp\myriad_radpack_i.exe[c:\temp\myriad_radpack_i.exe][myriad.dll]
    00815304 mIRC/Gen Virus/Worm No 0 Yes No c:\myriad5-pro\system\remotes\easyfind3.ini
    00966839 Spyware/Virtumonde Spyware No 1 Yes No c:\system volume information\_restore{0244efac-ee5a-4009-be2b-46e491908d0c}\rp826\a0170955.dll
    01048527 Generic Malware Virus/Trojan No 0 No No c:\documents and settings\owner\desktop\most used program icons\program icons\programs from giveaway of the day2\programs to install\xoft spy v3.43 + v3.45 serial cracked.removesspyware, malware, trackware, keyloggers.rar[xoftspy.v3.43.cracked.winall-f4cg detecta y elimina spyware, malware, trackware, keyloggers\crack\patch.exe]
    01211487 Generic Trojan Virus/Trojan No 0 No No f:\driver dectective v.6.2.5.0 -full-\dri_det_6.2.5.0\driverdetective.exe[f:\driver dectective v.6.2.5.0 -full-\dri_det_6.2.5.0\driverdetective.exe][drver.exe]
    01262593 Application/NirCmd.A HackTools No 0 No No f:\paltalk buddies 6\programs from dog\combofix.exe[f:\paltalk buddies 6\programs from dog\combofix.exe][nircmd.exe]
    01262593 Application/NirCmd.A HackTools No 0 Yes No f:\combofix\nircmd.cfexe
    01262593 Application/NirCmd.A HackTools No 0 No No f:\programs from dog\combofix.exe[f:\programs from dog\combofix.exe][nircmd.exe]
    01262593 Application/NirCmd.A HackTools No 0 Yes No f:\combofix\nircmd.exe
    01650237 Generic Malware Virus/Trojan No 0 No No c:\documents and settings\owner\desktop\most used program icons\program icons\programs from giveaway of the day2\programs to install\spynomore\spynomore.exe[snmieguard.dll]
    02893774 Spyware/Iehelp Spyware No 1 Yes No f:\iwin games\webinstaller.exe
    03541233 HackTool/Rebooter HackTools No 0 Yes No f:\paltalk buddies 6\programs from dog\smitfraudfix\reboot.exe
    03541233 HackTool/Rebooter HackTools No 0 Yes No f:\programs from dog\smitfraudfix\reboot.exe
    03755500 Generic Trojan Virus/Trojan No 0 Yes No c:\qoobox\quarantine\c\windows\system32\cpmsky-uninst.exe.vir
    03899005 Generic Malware Virus/Trojan No 0 No No f:\paltalk buddies 6\programs from dog\combofix.exe[f:\paltalk buddies 6\programs from dog\combofix.exe][ntp.exe]
    03899005 Generic Malware Virus/Trojan No 0 No No f:\programs from dog\combofix.exe[f:\programs from dog\combofix.exe][ntp.exe]
    03919035 Generic Malware Virus/Trojan No 0 Yes No c:\documents and settings\owner\desktop\most used program icons\program icons\programs from giveaway of the day2\programs to install\codes\nero key generater.exe
    03919041 Generic Malware Virus/Trojan No 0 No No c:\documents and settings\owner\desktop\most used program icons\program icons\programs from giveaway of the day2\programs from limewire\anydvd 5.3.2.1 clonedvd 2.8.5.1 clonecd 5.2.6.1 clonedvd v 2.7.5.1 dvd decrypter 3 dvd shrink 3 virtual clone drive v 5.0.1.3 cracks!! ( tout fr).rar.rar[anydvd 5.3.2.1\crack\slysoft.exe]
    03919041 Generic Malware Virus/Trojan No 0 No No c:\documents and settings\owner\desktop\most used program icons\program icons\programs from giveaway of the day2\programs from limewire\anydvd 5.3.2.1 clonedvd 2.8.5.1 clonecd 5.2.6.1 clonedvd v 2.7.5.1 dvd decrypter 3 dvd shrink 3 virtual clone drive v 5.0.1.3 cracks!! ( tout fr).rar.rar[clonecd 5.2.6.1\crack\slysoft.exe]
    03919041 Generic Malware Virus/Trojan No 0 No No c:\documents and settings\owner\desktop\most used program icons\program icons\programs from giveaway of the day2\programs from limewire\anydvd 5.3.2.1 clonedvd 2.8.5.1 clonecd 5.2.6.1 clonedvd v 2.7.5.1 dvd decrypter 3 dvd shrink 3 virtual clone drive v 5.0.1.3 cracks!! ( tout fr).rar.rar[clonedvd 2.8.5.1\crack\slysoft.exe]
    03921132 Generic Trojan Virus/Trojan No 0 Yes No c:\system volume information\_restore{0244efac-ee5a-4009-be2b-46e491908d0c}\rp838\a0173928.exe
    03921132 Generic Trojan Virus/Trojan No 0 Yes No c:\documents and settings\owner\desktop\most used program icons\program icons\programs\dvdfab platinum keygen\keygen.exe
    03921132 Generic Trojan Virus/Trojan No 0 Yes No f:\dvdfab platinum keygen\keygen.exe
    03987693 Generic Trojan Virus/Trojan No 0 No No f:\cdg's\new karaoke disc's\new cdg folders - check them\programs from myriad\linezer0.part1.rar[keygen.exe]
    05673495 Adware/DollarRevenue Adware No 1 Yes No c:\program files\photo stamp remover\stampremover.exe
    05774991 Adware/OneStep Adware Yes 0 Yes No c:\documents and settings\all users\application data\findbasic\findbasic127.exe
    05774991 Adware/OneStep Adware No 0 Yes No c:\program files\findbasic\findbasic.exe
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No c:\documents and settings\owner\desktop\most used program icons\program icons\programs from giveaway of the day2\programs to install\myriad_strandedirc.zip[myriad/omenserve/dukelupus/search.dll]
    No f:\misc.stuff 3\copytodvd_4_0_0_35_patch_by_bokiv.zip[patch.exe]
    No f:\misc.stuff 3\paltalk goodie tools\programs-paltalk patch to view cams in black nic\copytodvd_4_0_0_35_patch_by_bokiv.zip[patch.exe]
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    215938 HIGH MS09-072
    215935 HIGH MS09-069
    215048 HIGH MS09-065
    120815 HIGH MS06-022
    ;===================================================================================================================================================================================
  • edited January 2010
    Now since I've done these scans I'm getting a new error when I log on AOL.
    FP_AX_CAB_Installer.exe Application Error
    The instruction at "0x771216a7" referenced memory at "0x771216a7".
    The memory could not be "read".
    Click OK to terminate the program
  • edited January 2010
    Are you familiar with any of these programs?
    myriad
    acoustica cd label maker
    photo stamp remover
    spynomore
    findbasic



    Please let me know which you absolutely require.
  • edited January 2010
    Myriad I have To Keep
    Acoustica I Have To Keep
    Photo Stamp Remover I Would Like To Keep
    Spynomore I have tried and tried to remove but all I can find is the icon to open the program I don't have it in my add and remove in control panel or in my all programs list so I don't know how I am going to remove it but I want it off my pc that is the program that came from Giveaway Of The Day and I know it's a cause in some of my problems it's not even in my start up
    Findbasics I have no idea what it is so it needs to be removed also
    Thank You
    DragonBiaotch
  • edited January 2010
    The Acoustica Label Maker I could part with I have another one I use that's better....
  • edited January 2010
    Please go to Control Panel > Add/Remove Programs and uninstall the following if present:
    findbasic
    iwin games
    spynomore


    Reboot after uninstallation.


    Then navigate to and delete the following folders:
    c:\program files\findbasic\
    c:\documents and settings\owner\desktop\most used program icons\program icons\programs\dvdfab platinum keygen\
    f:\iwin games\
    c:\documents and settings\owner\desktop\most used program icons\program icons\programs from giveaway of the day2\programs to install\spynomore

    And this file:
    c:\documents and settings\owner\desktop\most used program icons\program icons\programs from giveaway of the day2\programs from limewire\anydvd 5.3.2.1 clonedvd 2.8.5.1 clonecd 5.2.6.1 clonedvd v 2.7.5.1 dvd decrypter 3 dvd shrink 3 virtual clone drive v 5.0.1.3 cracks!! ( tout fr).rar.rar


    As you can see, besides being illegal, downloading many of these programs from P2P programs such as Limewire can cause malware to enter your system. I highly suggest you cease the usage of such P2P programs.

    Please update me. Thanks.
  • edited January 2010
    Ok I removed everything except the Iwin Games those were games I bought and installed years ago on my pc and have been running fine...But I still get the Windows Has encountered a problem and needs to close when I right click on a folder....If I right click on a shortcut folder it's ok...after I click don't send or send all my desktop icons disappear for a few seconds then it opens my desktop back up...
    Thanks for all your help...
  • edited January 2010
    New Hijack This Log File 1-19-10

    Logfile of HijackThis v1.99.1
    Scan saved at 1:38:38 AM, on 1/19/2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Kodak\AiO\center\KodakSvc.exe
    C:\Program Files\Advanced Registry Doctor\RegManServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\AOL\1205453449\ee\aolsoftware.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\AOL 9.1\waol.exe
    C:\Program Files\AOL 9.1\shellmon.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis_199.zip\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.comcast.net
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellconnect.com/
    R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
    O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - F:\TextAloud\TAForIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: Handy Folders - {D8168918-45A1-4514-A2DB-2263A6C58D44} - C:\PROGRA~1\HANDYF~1\folders.dll
    O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://instantgreetings.aol.com/prod/install.html
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} (MetaStreamCtl Class) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1261759385109
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261759369671
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
    O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
    O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} (Photo Upload Plugin Class) - http://www.costcophotocenter.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab?
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/ocx/15034/CTPID.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe
    O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\AiO\center\KodakSvc.exe
    O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Advanced Registry Doctor\RegManServ.exe
    O23 - Service: RGService - Unknown owner - F:\RadioGet\RGService.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
  • edited February 2010
    Will there ever be a reply to this? I think there's been more than enough time to get an answer back on this.....