:)
Here it is...
Please always paste all logs into your reply. If a log doesn't fit, split it between a couple of posts.
How is the computer doing?
Uninstall Combofix:
Go to Start > Run [Vista users, go to Start > "Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
===============================================================
Download OTL to your Desktop.
* Double-click the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
:)
The computer seems to be operating normally as far as I can tell.
OTL.txt I found. Extras.txt I have not seen.
OTL.txt is too long. I will split and resend.
OTL logfile created on: 8/17/2010 10:56:38 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 45.72 Gb Free Space | 15.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BEVINS-NEW
Current User Name: Tim
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/17 22:54:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
PRC - [2010/07/29 22:13:42 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/15 09:59:49 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 09:59:47 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 09:59:46 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 09:59:44 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 09:59:16 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 09:59:15 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/10 14:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/03/26 16:04:26 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe
PRC - [2007/12/14 00:27:34 | 000,212,992 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\ECSXPV_5762_010208\WDM\stacsv.exe
PRC - [2007/12/14 00:26:40 | 000,413,696 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2007/07/11 18:25:20 | 000,025,640 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/10/07 01:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
========== Modules (SafeList) ==========
MOD - [2010/08/17 22:54:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/15 09:59:44 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/26 16:04:26 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2009/02/16 20:39:00 | 002,736,890 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007/12/14 00:27:34 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\ECSXPV_5762_010208\WDM\stacsv.exe -- (STacSV)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/07/11 18:25:20 | 000,025,640 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Pam\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 09:59:48 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:59:16 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/16 05:48:18 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/02 09:31:50 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/15 00:08:14 | 000,039,480 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2010/02/27 15:36:47 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/27 15:36:46 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/07/24 23:15:31 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2008/02/26 01:51:43 | 002,863,616 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/01/03 10:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/12/14 00:28:20 | 001,270,872 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/10/11 08:40:12 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007/07/20 13:40:10 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2005/01/04 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.5
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: [email protected]d:1.5.3
FF - prefs.js..extensions.enabledItems: [email protected]:7.3
FF - prefs.js..extensions.enabledItems: {dc961bb0-dfb2-11dc-95ff-0800200c9a66}:2.20100123
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.5
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/14 15:07:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/29 22:13:47 | 000,000,000 | ---D | M]
[2008/09/05 15:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Extensions
[2010/08/10 20:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions
[2009/10/15 19:50:22 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/03/17 15:08:00 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/08/10 05:05:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/13 20:39:00 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/16 22:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/02 22:31:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/26 20:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/07/12 21:14:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/05 06:38:13 | 000,000,000 | ---D | M] (MidnightFoxy) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}
[2010/08/02 23:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\[email protected]
[2010/04/14 20:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\[email protected]
[2010/04/14 20:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\[email protected]
[2010/04/14 20:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\[email protected]
[2010/02/05 06:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions
[2010/02/05 06:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions\CVS
[2009/12/07 06:13:06 | 000,005,407 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\searchplugins\fast-browser-search.xml
[2010/08/12 21:24:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/17 17:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/12/10 18:39:28 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/01/28 23:08:04 | 000,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2008/09/10 03:39:42 | 000,075,184 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/03/24 11:34:04 | 000,002,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
[2010/08/12 21:24:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/17 17:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/12/10 18:39:28 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/01/28 23:08:04 | 000,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2008/09/10 03:39:42 | 000,075,184 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/03/24 11:34:04 | 000,002,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
I know I kind of butchered that up, but as you are well aware by now I'm not exactly a whiz at this...:o
Please, attach the file and I'll post it for you :)
:(:(:(
Sorry
No worries :)
OTL logfile created on: 8/17/2010 10:56:38 PM - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18372)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 45.72 Gb Free Space | 15.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BEVINS-NEW
Current User Name: Tim
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/17 22:54:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
PRC - [2010/07/29 22:13:42 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/15 09:59:49 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/15 09:59:47 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 09:59:46 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/15 09:59:44 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/15 09:59:16 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/15 09:59:15 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/02 20:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/08/18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/07/10 14:49:24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/03/26 16:04:26 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService7.exe
PRC - [2007/12/14 00:27:34 | 000,212,992 | ---- | M] (IDT, Inc.) -- c:\Program Files\IDT\ECSXPV_5762_010208\WDM\stacsv.exe
PRC - [2007/12/14 00:26:40 | 000,413,696 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2007/07/11 18:25:20 | 000,025,640 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/10/07 01:23:20 | 000,090,112 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe
========== Modules (SafeList) ==========
MOD - [2010/08/17 22:54:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/15 09:59:44 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/08/18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/26 16:04:26 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UAService7.exe -- (UserAccess7) SecuROM User Access Service (V7)
SRV - [2009/02/16 20:39:00 | 002,736,890 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2007/12/14 00:27:34 | 000,212,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Program Files\IDT\ECSXPV_5762_010208\WDM\stacsv.exe -- (STacSV)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/07/11 18:25:20 | 000,025,640 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Pam\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/15 09:59:48 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:59:16 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/16 05:48:18 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/06/02 09:31:50 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/15 00:08:14 | 000,039,480 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stdriver32.sys -- (stdriver)
DRV - [2010/02/27 15:36:47 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/27 15:36:46 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/07/24 23:15:31 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocashio.sys -- (nocashio)
DRV - [2008/02/26 01:51:43 | 002,863,616 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/01/03 10:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/12/14 00:28:20 | 001,270,872 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/10/11 08:40:12 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2007/07/20 13:40:10 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2005/01/04 14:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\npptNT2.sys -- (NPPTNT2)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://yahoo.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.5
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: [email protected]d:1.5.3
FF - prefs.js..extensions.enabledItems: [email protected]:7.3
FF - prefs.js..extensions.enabledItems: {dc961bb0-dfb2-11dc-95ff-0800200c9a66}:2.20100123
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.5
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/14 15:07:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/29 22:13:47 | 000,000,000 | ---D | M]
[2008/09/05 15:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Extensions
[2010/08/10 20:54:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions
[2009/10/15 19:50:22 | 000,000,000 | ---D | M] (PDF Download) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010/03/17 15:08:00 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/08/10 05:05:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/13 20:39:00 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/16 22:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/02 22:31:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/01/26 20:53:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{C2DCA7EB-22D2-4FD2-86A9-F99FCC8122BB}
[2010/07/12 21:14:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/05 06:38:13 | 000,000,000 | ---D | M] (MidnightFoxy) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}
[2010/08/02 23:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\[email protected]
[2010/04/14 20:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\[email protected]
[2010/04/14 20:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\[email protected]
[2010/04/14 20:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\[email protected]
[2010/02/05 06:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions
[2010/02/05 06:38:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\extensions\{dc961bb0-dfb2-11dc-95ff-0800200c9a66}\chrome\mozapps\extensions\CVS
[2009/12/07 06:13:06 | 000,005,407 | ---- | M] () -- C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\9emoq70k.default\searchplugins\fast-browser-search.xml
[2010/08/12 21:24:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/17 17:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/07/17 04:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/12/10 18:39:28 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2008/06/18 02:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/01/28 23:08:04 | 000,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2008/09/10 03:39:42 | 000,075,184 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/03/24 11:34:04 | 000,002,456 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
O1 HOSTS File: ([2010/08/17 20:22:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EnGraph QuickTimeKiller] C:\Program Files\EnGraph\QuicktimeKiller\QuickTimeKiller.exe ( )
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe (Uniblue Systems Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([www] http in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} http://www.nero.com/doc/NeroVersionCheckerControl.cab (NeroVersionCheckerControl Control)
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} http://www.acclaim.com/cabs/acclaim_v5.cab (GameLauncher Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/amp...1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activ...eX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...nt/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/03 10:11:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0aa8d410-c8ec-11dd-bceb-001e90bea03a}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{611668f8-e266-11de-8aa7-001e90bea03a}\Shell - "" = AutoRun
O33 - MountPoints2\{611668f8-e266-11de-8aa7-001e90bea03a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{611668f8-e266-11de-8aa7-001e90bea03a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a1cf75d5-0ab4-11de-89e5-001e90bea03a}\Shell - "" = AutoRun
O33 - MountPoints2\{a1cf75d5-0ab4-11de-89e5-001e90bea03a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a1cf75d5-0ab4-11de-89e5-001e90bea03a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - - File not found
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
========== Files/Folders - Created Within 90 Days ==========
[2010/08/17 22:54:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2010/08/17 21:50:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/17 00:57:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/16 00:19:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/11 23:04:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\BDOSCAN8
[2010/08/09 05:34:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tim\Recent
[2010/08/04 16:18:36 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/07/15 09:59:46 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/09 15:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\pics
[2010/07/08 09:03:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/08 09:03:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/08 09:03:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/07 22:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/07/07 08:34:26 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tim\IECompatCache
[2010/07/01 12:24:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/07/01 12:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/07/01 12:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/06/30 00:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
[2010/06/29 21:52:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2010/06/29 21:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/06/29 21:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\usxkdalio
[2010/06/29 21:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/28 10:22:22 | 000,015,760 | ---- | C] (InterVideo, Inc.) -- C:\WINDOWS\System32\iviaspi.sys
[2010/06/28 10:22:12 | 000,000,000 | ---D | C] -- C:\Program Files\SanDisk
[2010/06/28 05:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/06/28 05:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2010/06/27 01:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/27 01:16:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/22 17:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/22 17:35:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/22 17:31:50 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/06 12:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/06/06 12:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/05/31 01:06:56 | 000,000,000 | ---D | C] -- C:\divx
========== Files - Modified Within 90 Days ==========
[2010/08/17 22:54:55 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTL.exe
[2010/08/17 22:51:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/17 22:51:15 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/17 22:50:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/17 22:50:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 22:33:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-926492609-725345543-1003UA.job
[2010/08/17 22:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/17 22:02:14 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/17 21:50:27 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/17 21:42:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/08/17 20:22:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/17 20:17:22 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2010/08/17 15:33:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-926492609-725345543-1003Core.job
[2010/08/17 13:28:41 | 063,535,211 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/16 00:20:56 | 003,932,160 | ---- | M] () -- C:\Documents and Settings\Tim\ntuser.dat
[2010/08/14 20:37:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tim\ntuser.ini
[2010/08/13 13:55:44 | 000,398,744 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/08/08 21:42:23 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\wavepadDowngrade.job
[2010/08/07 12:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/06 22:35:53 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/04 16:18:36 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/08/04 16:18:36 | 000,013,044 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2010/08/04 16:18:36 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2010/08/02 12:36:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/22 20:55:54 | 001,602,560 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/07/18 13:58:12 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\Dependable Astro AWD won.doc
[2010/07/15 09:59:48 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/15 09:59:46 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/15 09:59:16 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/13 14:35:36 | 003,348,480 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/07/08 09:03:45 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/30 13:30:49 | 000,000,891 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\My Sharing Folders.lnk
[2010/06/30 13:20:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/06/30 13:20:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/06/28 12:52:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/06/28 12:52:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/06/28 12:45:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/06/28 12:45:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/06/28 12:26:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/06/28 12:26:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/06/27 21:59:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/06/27 21:59:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/06/27 20:40:26 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\Chrysler LeBaron GTC 2.doc
[2010/06/25 22:39:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/06/25 22:39:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/06/24 03:18:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/06/24 03:18:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/06/24 03:02:29 | 000,500,732 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/24 03:02:29 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/24 03:02:29 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/22 17:36:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/06/22 17:36:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/06/22 08:29:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/06/22 08:29:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/06/21 08:08:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/06/21 08:08:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/06/19 21:13:05 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\CCleaner.lnk
[2010/06/17 10:07:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/06/17 10:07:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/06/13 21:23:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/06/13 21:23:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/06/13 13:24:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/06/13 13:24:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/06/11 19:17:35 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Tim\My Documents\Summer is here.doc
[2010/06/11 03:15:00 | 000,165,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 22:36:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/06/08 22:36:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/06/07 10:56:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/06/07 10:56:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/06/06 19:58:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/06/06 19:58:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/06/02 09:31:50 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 13:53:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/06/01 13:53:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/05/31 22:42:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2010/05/31 17:03:54 | 000,103,511 | ---- | M] () -- C:\WINDOWS\hpoins04.dat
[2010/05/31 15:25:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/05/31 15:25:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/05/28 07:15:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/05/28 07:15:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/05/27 07:32:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/05/27 07:32:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
========== Files Created - No Company Name ==========
[2010/08/17 01:39:56 | 000,000,281 | ---- | C] () -- C:\Boot.bak
[2010/08/17 01:39:52 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/08 21:42:22 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
[2010/08/08 21:42:22 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\wavepadDowngrade.job
[2010/08/04 16:18:36 | 000,013,044 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/08/04 16:18:36 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2010/07/18 13:58:12 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\Dependable Astro AWD won.doc
[2010/07/08 09:03:45 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/01 15:28:23 | 000,000,970 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-926492609-725345543-1003UA.job
[2010/07/01 15:28:23 | 000,000,918 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-926492609-725345543-1003Core.job
[2010/06/30 13:30:49 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\My Sharing Folders.lnk
[2010/06/27 20:28:04 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\Chrysler LeBaron GTC 2.doc
[2010/06/25 08:13:09 | 003,932,160 | ---- | C] () -- C:\Documents and Settings\Tim\ntuser.dat
[2010/06/11 19:17:35 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Tim\My Documents\Summer is here.doc
[2010/06/06 12:00:07 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/06 12:00:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/31 17:03:09 | 000,104,156 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/05/31 17:03:09 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2010/05/25 22:42:06 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2010/03/01 06:46:23 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Tim\Application Data\default.pls
[2010/01/07 13:05:40 | 000,000,100 | ---- | C] () -- C:\WINDOWS\ka.ini
[2009/12/31 20:32:12 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/27 21:02:51 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/11/09 12:32:04 | 000,000,330 | ---- | C] () -- C:\WINDOWS\RBuilder.ini
[2009/10/18 17:08:52 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2009/09/30 19:10:39 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2009/09/30 19:10:34 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2009/09/30 19:10:29 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2009/09/30 19:10:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009/08/28 10:58:31 | 000,177,664 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/24 23:15:31 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\nocashio.sys
[2009/06/03 21:22:47 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
[2009/06/03 21:22:47 | 000,006,399 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
[2009/06/03 21:22:47 | 000,003,677 | R--- | C] () -- C:\WINDOWS\PlaySnd.INI
[2009/05/25 21:16:27 | 001,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll
[2009/05/01 10:14:36 | 000,000,031 | ---- | C] () -- C:\WINDOWS\GunzLauncher.INI
[2009/04/02 05:34:28 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/03/12 05:38:23 | 002,788,800 | ---- | C] () -- C:\Program Files\FLV PlayerFCSetup.exe
[2009/03/12 05:34:47 | 021,011,904 | ---- | C] () -- C:\Program Files\FLV PlayerRCSetup.exe
[2009/02/12 21:01:22 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/02/12 21:01:22 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2008/12/30 21:27:42 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/30 21:27:42 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/12/30 21:27:40 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2008/10/16 03:02:03 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/14 20:24:09 | 000,005,087 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ywasvxup.hvs
[2008/10/14 18:01:39 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2008/10/08 20:07:09 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/09/09 18:37:25 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/09 18:24:17 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\fusioncache.dat
[2008/09/09 18:10:52 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/09/09 16:38:38 | 000,002,072 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/09/07 08:37:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/06 21:12:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
[2007/11/26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/08/06 19:22:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/06/28 06:54:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 06:52:18 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
========== LOP Check ==========
[2008/11/10 19:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2008/11/15 13:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2010/03/11 09:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/03/11 06:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/01/10 13:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/01/08 23:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2009/04/18 23:11:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IJJIGame
[2009/01/08 23:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2008/09/06 21:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/03/15 21:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NBC Direct
[2010/05/15 00:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/12/05 12:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2008/09/15 20:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2008/09/30 05:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/05/15 19:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/03/12 22:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/15 21:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{2853BFD5-3865-45EB-A4E3-967D4A9B969A}
[2010/04/10 17:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/24 23:04:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/11/11 06:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Acoustica
[2009/07/10 21:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\BitTorrent
[2009/09/18 23:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\NCH Swift Sound
[2009/12/31 09:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Skinux
[2010/02/13 19:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Uniblue
[2010/05/31 22:42:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2010/08/08 21:42:23 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job
[2010/08/17 21:42:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< >
< %SYSTEMDRIVE%\*.* >
[2008/09/03 10:11:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/17 20:17:22 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2010/08/17 21:50:27 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/17 22:49:31 | 000,002,127 | ---- | M] () -- C:\ComboFix.txt
[2008/09/03 10:11:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/30 21:28:55 | 000,003,108 | ---- | M] () -- C:\Cucu_Video_log.txt
[2009/04/02 05:34:28 | 000,003,532 | ---- | M] () -- C:\drmHeader.bin
[2009/03/29 16:27:34 | 000,000,017 | ---- | M] () -- C:\gputest.txt
[2008/10/12 13:59:01 | 000,000,425 | ---- | M] () -- C:\InstallHelper.log
[2008/09/03 10:11:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/08 18:20:47 | 000,000,449 | ---- | M] () -- C:\LOGA.log
[2008/09/03 10:11:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/03 22:49:00 | 000,000,000 | ---- | M] () -- C:\NdoorsLog.txt
[2008/09/03 10:28:42 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/09/03 10:28:42 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/08/15 23:07:15 | 000,097,964 | ---- | M] () -- C:\OTL.Txt
[2010/08/17 22:50:44 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2008/11/11 17:19:39 | 000,044,967 | ---- | M] () -- C:\session.log
[2010/05/28 07:15:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2010/05/31 15:25:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2010/06/01 13:53:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2010/06/21 08:08:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2010/06/22 08:29:05 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2010/06/06 19:58:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/06/07 10:56:15 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/06/08 22:36:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/06/13 13:24:22 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/06/13 21:23:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2010/06/17 10:07:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2010/06/22 17:36:44 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2010/06/24 03:18:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2010/06/25 22:39:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2010/06/27 21:59:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2010/06/28 12:26:13 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/06/28 12:45:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2010/06/28 12:52:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2010/06/30 13:20:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2010/05/27 07:32:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2010/05/28 07:15:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2010/05/31 15:25:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2010/06/01 13:53:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2010/06/21 08:08:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2010/06/22 08:29:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2010/06/06 19:58:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2010/06/07 10:56:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/06/08 22:36:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/06/13 13:24:22 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/06/13 21:23:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2010/06/17 10:07:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2010/06/22 17:36:44 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2010/06/24 03:18:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2010/06/25 22:39:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2010/06/27 21:59:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2010/06/28 12:26:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2010/06/28 12:45:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/06/28 12:52:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2010/06/30 13:20:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2010/05/27 07:32:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/09/09 16:45:58 | 000,001,167 | ---- | M] () -- C:\_Sid.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008/02/25 23:12:07 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/09/03 05:59:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/09/03 05:59:34 | 000,626,688 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/09/03 05:59:34 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 00:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2004/08/04 00:56:48 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-17 07:00:35
========== Alternate Data Streams ==========
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tim\My Documents\My Music:Roxio EMC Stream
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
< End of report >
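Added example (not part of the original thread, and not OTL's own code): a small Python triage pass over a log like the one above. It pulls out the entries a reviewer usually looks at first: alternate data streams, references to files that no longer exist, files OTL could not hash, and the MD5 values recorded for the `/md5` targets. The line layout is an assumption inferred from the lines visible on this page; `triage`, `FILE_RE` and `ADS_RE` are hypothetical names, and the sample lines are copied from this page.

```python
import re

# Sample input: lines copied from the log and fix script on this page.
SAMPLE = r'''[2010/06/30 13:20:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
< %systemroot%\system32\*.dll /lockedfiles >
[2008/02/25 23:12:07 | 000,372,736 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
< %systemroot%\system32\user32.dll /md5 >
[2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\system32\user32.dll
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
O33 - MountPoints2\{611668f8-e266-11de-8aa7-001e90bea03a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
'''

# [timestamp | size | attributes | M or C] (vendor) [hash field] -- path
# Layout assumed from the entries shown in this log.
FILE_RE = re.compile(
    r'^\[(?P<ts>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [MC]\] '
    r'(?:\((?P<vendor>.*?)\) )?'
    r'(?:(?P<hash>MD5=[0-9A-F]{32}|Unable to obtain MD5) )?'
    r'-- (?P<path>.+)$')

# @Alternate Data Stream - N bytes -> host_path:stream_name
ADS_RE = re.compile(
    r'^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$')


def triage(log_text):
    """Sort log lines into the categories worth a manual look."""
    out = {"ads": [], "orphan": [], "unhashed": [], "md5": {}}
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := ADS_RE.match(line)):
            out["ads"].append((m["host"], m["stream"], int(m["size"])))
        elif line.endswith("File not found"):
            out["orphan"].append(line)          # registry entry points at a missing file
        elif (m := FILE_RE.match(line)):
            if m["hash"] == "Unable to obtain MD5":
                out["unhashed"].append(m["path"])   # locked or unreadable file
            elif m["hash"]:
                out["md5"][m["path"]] = m["hash"][4:]  # strip the "MD5=" prefix
    return out


if __name__ == "__main__":
    for category, items in triage(SAMPLE).items():
        print(category, items)
```

The `md5` map is meant to be compared against hashes taken from a known-clean copy of the same Windows build and service pack; the script itself makes no judgement about whether a hash is good.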
Uninstall Uniblue Registry Booster
Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/...eaking_13.html
=================================================================
Update your Java version here: http://www.java.com/en/download/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
Now, we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
================================================================
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0C8413C1-FAD1-446C-8584-BE50576F863E} - No CLSID value found.
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe (Uniblue Systems Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O33 - MountPoints2\{0aa8d410-c8ec-11dd-bceb-001e90bea03a}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe -- File not found
O33 - MountPoints2\{611668f8-e266-11de-8aa7-001e90bea03a}\Shell - "" = AutoRun
O33 - MountPoints2\{611668f8-e266-11de-8aa7-001e90bea03a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{611668f8-e266-11de-8aa7-001e90bea03a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a1cf75d5-0ab4-11de-89e5-001e90bea03a}\Shell - "" = AutoRun
O33 - MountPoints2\{a1cf75d5-0ab4-11de-89e5-001e90bea03a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a1cf75d5-0ab4-11de-89e5-001e90bea03a}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
[2010/07/01 12:23:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/06/29 21:41:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\usxkdalio
[2010/02/13 19:42:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim\Application Data\Uniblue
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Tim\My Documents\My Music:Roxio EMC Stream
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB1B13D8
:Services
:Reg
:Files
C:\Program Files\Uniblue
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
=============================================================
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on the Start button to begin the cleaning process.
- TFC will close all running programs, and it may ask you to restart the computer.
3. Go to the Kaspersky website and perform an online antivirus scan.
- Disable your active antivirus program.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  - Spyware, Adware, Dialers, and other potentially dangerous programs
  - Archives
  - Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
:confused:
How do I uninstall Uniblue Registry Booster? I can't find it in Add/Remove Programs. :(
I just edited the OTL script, so Registry Booster will be removed automatically.
Proceed with Java step and OTL.