Hello:
I've gotten a nasty Trojan virus on my laptop and it's been slowly eating its way through my OS.
Symptoms include: redirection of Google links, pop-up windows when Firefox is open, changes to all my settings, my sound driver has been uninstalled, and I have various problems with Windows files being corrupt or missing. I've run Spybot, Malwarebytes, SUPERAntiSpyware, and I have AVG as an anti-virus.
Every time I run Malwarebytes I get different results, from it finding no infections to multiple ones, and AVG's Resident Shield usually comes up with Trojan infections when I run Malwarebytes and tries to stop it.
Here is my most recent Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4217
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
6/23/2010 9:05:36 PM
mbam-log-2010-06-23 (21-05-36).txt
Scan type: Full scan (C:\|)
Objects scanned: 234587
Time elapsed: 1 hour(s), 7 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Malwarebytes Log from yesterday:
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4217
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
6/22/2010 3:39:01 PM
mbam-log-2010-06-22 (15-39-01).txt
Scan type: Full scan (C:\|)
Objects scanned: 231175
Time elapsed: 1 hour(s), 1 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Backdoor.Bot) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\WINDOWS\system32\6to4v32.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\rIx8DKu4.com (Malware.Generic) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
AVG scan from Saturday 6/19, which listed the Trojan Virus (all further scans have said there is no infection, although Resident Shield pops up when I'm running Malwarebytes, but I haven't been able to find a log for it):
Scan "Scan whole computer" completed.
Infections;"10";"10";"0"
Folders selected for scanning:;"Scan whole computer"
Scan started:;"Saturday, June 19, 2010, 2:57:10 PM"
Scan finished:;"Saturday, June 19, 2010, 3:36:32 PM (39 minute(s) 22 second(s))"
Total object scanned:;"296274"
User who launched the scan:;"Blueutopiah"
Infections
File;"Infection";"Result"
C:\WINDOWS\wofsdl.dll;"Trojan horse SHeur3.ADBJ";"Moved to Virus Vault"
C:\WINDOWS\wofsdl.dll;"Trojan horse SHeur3.ADBJ";"Moved to Virus Vault"
C:\WINDOWS\wofsdl.dll;"Trojan horse SHeur3.ADBJ";"Moved to Virus Vault"
C:\WINDOWS\system32\rundll32.exe (500);"Trojan horse SHeur3.ADBJ";"Reboot is required to finish the action"
C:\WINDOWS\Explorer.EXE (136);"Trojan horse SHeur3.ADBJ";"Reboot is required to finish the action"
C:\Program Files\Mozilla Firefox\asfoia2324hgoia.exe;"Trojan horse SHeur3.ADBJ";"Moved to Virus Vault"
C:\Documents and Settings\Blueutopiah\Local Settings\Temporary Internet Files\Content.IE5\YX0JUXIJ\installsconverter[1].exe;"Trojan horse Adload_r.AGW";"Moved to Virus Vault"
C:\Documents and Settings\Blueutopiah\Local Settings\Temporary Internet Files\Content.IE5\85U32NU9\tbprofit[1].exe;"Trojan horse SHeur3.ADBJ";"Moved to Virus Vault"
C:\Documents and Settings\Blueutopiah\asfoia2324hgoia.exe;"Trojan horse SHeur3.ADBJ";"Moved to Virus Vault"
C:\Documents and Settings\Blueutopiah\Application Data\tempimage.exe;"Trojan horse Generic18.OCA";"Moved to Virus Vault"
And my HijackThis log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:38:28 PM, on 6/23/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Replay Media Catcher\FLVSrvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: CCAB - {C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A} - C:\WINDOWS\system32\FyK11dJy.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: TBSB05974 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Search Toolbar - {0C8413C1-FAD1-446C-8584-BE50576F863E} - C:\Program Files\Search Toolbar\tbcore3.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files\Replay Media Catcher\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [EPSON Stylus Photo R380 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBOA.EXE /FU "C:\WINDOWS\TEMP\E_S3C2.tmp" /EF "HKCU"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
--
End of file - 7853 bytes
Any help is greatly appreciated. Thank you.
Blueutopiah
Download GMER: GMER - Rootkit Detector and Remover, by clicking on Download EXE button.
Alternative downloads:
- |MG| GMER 1.0.15.15281 Download
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
Do NOT use the computer while GMER is running!
When scan is completed, click Save button, and save the results as gmer.log
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log.
IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.
===========================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
Thank you for such a quick reply!
Gmer log: (it took quite a bit of time to run and after saving the log my laptop froze and needed a restart)
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-06-24 10:10:23
Windows 5.1.2600 Service Pack 2
Running: 55jvizv9.exe; Driver: C:\DOCUME~1\BLUEUT~1\LOCALS~1\Temp\uwrdrpod.sys
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB980B360, 0x2F26B7, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[2176] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 00A0000A
.text C:\WINDOWS\Explorer.EXE[2176] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 00AE000A
.text C:\WINDOWS\Explorer.EXE[2176] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 009F000C
.text C:\WINDOWS\system32\svchost.exe[18272] ntdll.dll!NtProtectVirtualMemory 7C90DEB6 5 Bytes JMP 0082000A
.text C:\WINDOWS\system32\svchost.exe[18272] ntdll.dll!NtWriteVirtualMemory 7C90EA32 5 Bytes JMP 0083000A
.text C:\WINDOWS\system32\svchost.exe[18272] ntdll.dll!KiUserExceptionDispatcher 7C90EAEC 5 Bytes JMP 0081000C
.text C:\WINDOWS\system32\svchost.exe[18272] USER32.dll!GetCursorPos 77D4C566 5 Bytes JMP 00CB000A
.text C:\WINDOWS\system32\svchost.exe[18272] ole32.dll!CoCreateInstance 77526009 5 Bytes JMP 00E3000A
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Processes - GMER 1.0.15 ----
Library C:\WINDOWS\OEM02Mon.exe (*** hidden *** ) @ C:\WINDOWS\OEM02Mon.exe [2584] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [2592] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [2600] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [2616] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [2700] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [2912] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [2948] 0x00400000
Library C:\Program (*** hidden *** ) @ C:\Program [2996] 0x00400000
Library C:\PROGRA~1\AVG\AVG9\avgtray.exe (*** hidden *** ) @ C:\PROGRA~1\AVG\AVG9\avgtray.exe [3016] 0x00400000
---- EOF - GMER 1.0.15 ----
ComboFix Log (It had to restart because it detected Rootkit activity but otherwise ran fine):
ComboFix 10-06-23.05 - Blueutopiah 06/24/2010 10:28:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1600 [GMT -4:00]
Running from: c:\documents and settings\Blueutopiah\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\4qQ7fc6u.exe
c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\Blueutopiah\Application Data\97979797979797979797.exe
c:\documents and settings\Blueutopiah\Local Settings\Application Data\{61D60504-1694-4099-914C-B32D47C3D753}
c:\documents and settings\Blueutopiah\Local Settings\Application Data\{61D60504-1694-4099-914C-B32D47C3D753}\chrome.manifest
c:\documents and settings\Blueutopiah\Local Settings\Application Data\{61D60504-1694-4099-914C-B32D47C3D753}\chrome\content\_cfg.js
c:\documents and settings\Blueutopiah\Local Settings\Application Data\{61D60504-1694-4099-914C-B32D47C3D753}\chrome\content\overlay.xul
c:\documents and settings\Blueutopiah\Local Settings\Application Data\{61D60504-1694-4099-914C-B32D47C3D753}\install.rdf
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 )))))))))))))))))))))))))))))))
.
2010-06-24 01:38 . 2010-06-24 01:38 388096 ----a-r- c:\documents and settings\Blueutopiah\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-22 17:19 . 2010-06-22 17:19 45056 ----a-w- c:\windows\system32\FyK11dJy.dll
2010-06-22 00:51 . 2010-06-22 00:51 -------- d-----w- C:\VundoFix Backups
2010-06-21 01:57 . 2010-06-21 02:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-21 01:57 . 2010-06-21 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-20 00:10 . 2010-06-24 00:51 0 ----a-w- c:\documents and settings\Blueutopiah\Local Settings\Application Data\prvlcl.dat
2010-06-19 23:04 . 2010-06-20 14:48 63488 ----a-w- c:\documents and settings\Blueutopiah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-19 23:04 . 2010-06-19 23:04 52224 ----a-w- c:\documents and settings\Blueutopiah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-19 23:04 . 2010-06-20 14:48 117760 ----a-w- c:\documents and settings\Blueutopiah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-19 23:04 . 2010-06-19 23:04 -------- d-----w- c:\documents and settings\Blueutopiah\Application Data\SUPERAntiSpyware.com
2010-06-19 23:04 . 2010-06-19 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-19 23:04 . 2010-06-19 23:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-19 21:31 . 2010-06-19 21:31 -------- d-----w- c:\documents and settings\Blueutopiah\Application Data\AVG9
2010-06-19 19:43 . 2010-06-19 19:43 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-19 19:43 . 2010-06-19 19:43 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-19 18:56 . 2010-06-19 18:56 -------- d-----w- C:\$AVG
2010-06-19 18:55 . 2010-06-19 18:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-19 18:55 . 2010-06-19 19:42 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-19 18:55 . 2010-06-19 18:55 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-19 18:55 . 2010-06-19 19:42 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-19 18:55 . 2010-06-23 22:53 -------- d-----w- c:\windows\system32\drivers\Avg
2010-06-19 18:52 . 2010-06-19 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-19 18:52 . 2010-06-19 21:56 -------- d-----w- c:\windows\SxsCaPendDel
2010-06-19 16:09 . 2010-06-19 16:09 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-19 14:40 . 2010-06-19 14:40 -------- d-----w- c:\documents and settings\Blueutopiah\Application Data\Malwarebytes
2010-06-19 14:40 . 2010-06-19 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-19 14:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 14:40 . 2010-06-19 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 14:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 06:15 . 2010-06-19 06:15 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-06-19 06:13 . 2010-06-19 06:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-19 05:20 . 2010-06-21 02:19 120 ----a-w- c:\windows\Uteletil.dat
2010-06-19 05:20 . 2010-06-20 15:19 0 ----a-w- c:\windows\Kficoxiwakev.bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-24 01:33 . 2009-02-01 21:33 -------- d-----w- c:\program files\iTunes
2010-06-24 01:33 . 2010-04-05 19:06 -------- d-----w- c:\program files\Replay Media Catcher
2010-06-24 01:33 . 2009-02-01 21:32 -------- d-----w- c:\program files\QuickTime
2010-06-24 01:33 . 2008-09-28 00:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-22 17:21 . 2010-06-22 17:19 112 ----a-w- c:\documents and settings\All Users\Application Data\Hk6BXX.dat
2010-06-19 23:37 . 2008-09-28 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-19 20:41 . 2008-09-28 00:40 -------- d-----w- c:\program files\Norton SystemWorks
2010-06-19 18:52 . 2008-09-28 01:00 -------- d-----w- c:\program files\AVG
2010-06-15 02:41 . 2010-05-15 05:56 -------- d-----w- c:\documents and settings\Blueutopiah\Application Data\vlc
2010-05-16 19:30 . 2010-04-05 19:07 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-05-16 19:30 . 2010-04-05 19:07 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-05-15 15:54 . 2008-09-28 00:58 -------- d-----w- c:\program files\RealMedia
2010-05-15 15:54 . 2008-09-28 00:56 -------- d-----w- c:\program files\Zoom Player
2010-05-15 05:54 . 2010-05-15 05:54 -------- d-----w- c:\program files\VideoLAN
2010-05-10 01:40 . 2008-09-27 03:46 117693 ----a-w- c:\windows\system32\nvModes.dat
2010-05-07 18:50 . 2010-05-07 18:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-05-12 00:50 . 2009-05-12 00:50 820736 ----a-w- c:\program files\ChronosXP_4.1_x86.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
Code:
<pre>
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
c:\program files\Dell\Media Experience\PCMService .exe
c:\program files\Dell\QuickSet\quickset .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Java\jre1.5.0_06\bin\jusched .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Replay Media Catcher\FLVSrvc .exe
c:\windows\OEM02Mon .exe
</pre>
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A}]
2010-06-22 17:19 45056 ----a-w- c:\windows\system32\FyK11dJy.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [N/A]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [N/A]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [N/A]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 405504]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [N/A]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [N/A]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [N/A]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [N/A]
c:\documents and settings\Blueutopiah\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-19 18:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/19/2010 2:55 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/19/2010 2:55 PM 242896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/19/2010 2:54 PM 308064]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [9/27/2008 8:42 PM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [9/27/2008 8:42 PM 3904]
S0 tpcdrdrv;tpcdrdrv;c:\windows\system32\DRIVERS\tpcdrdrv.sys --> c:\windows\system32\DRIVERS\tpcdrdrv.sys [?]
S3 rindar;rindar;\??\c:\windows\system32\rindar.sys --> c:\windows\system32\rindar.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 20:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2010-06-21 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2004-08-31 04:40]
2008-09-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-09-28 21:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Blueutopiah\Application Data\Mozilla\Firefox\Profiles\w1ra54az.default\
FF - prefs.js: browser.startup.homepage - Google
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Toolbar-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
WebBrowser-{0C8413C1-FAD1-446C-8584-BE50576F863E} - c:\program files\Search Toolbar\tbcore3.dll
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(908)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\stsystra.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
.
**************************************************************************
.
Completion time: 2010-06-24 10:42:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-24 14:42
Pre-Run: 55,795,777,536 bytes free
Post-Run: 56,267,689,984 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 10F72B19384BE2017E86209C3A24115B
Since running both programs, my laptop is now trying to install HP updates, which has never happened before, and it keeps trying to set Internet Explorer as a default browser.
Thanks again.
Blueutopiah
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
============================================================
You're running two AV programs, AVG and Norton.
One of them has to go.
If AVG, use AVG Remover: AVG Antivirus and Security Software - Tools download
If Norton, use Norton Removal Tool: Download and run the Norton Removal Tool
============================================================
1. Please open Notepad
- Click Start, then Run
- Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
c:\windows\system32\FyK11dJy.dll
c:\documents and settings\Blueutopiah\Local Settings\Application Data\prvlcl.dat
c:\windows\Kficoxiwakev.bin
c:\documents and settings\All Users\Application Data\Hk6BXX.dat
c:\windows\system32\DRIVERS\tpcdrdrv.sys
c:\windows\system32\rindar.sys

RenV::
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv .exe
c:\program files\Dell\Media Experience\PCMService .exe
c:\program files\Dell\QuickSet\quickset .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Java\jre1.5.0_06\bin\jusched .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Replay Media Catcher\FLVSrvc .exe
c:\windows\OEM02Mon .exe

Driver::
tpcdrdrv
rindar

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C6A91056-83E0-4C6E-8DCC-43FC0DFE7A0A}]
3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
- Combofix.txt
Again, many many thanks for helping me with this problem. I greatly appreciate all your help.
AVG Remover kept stalling, so I uninstalled AVG through Add/Remove Programs, then ran AVG Remover again for good measure. Here is the log it gave me:
2010-06-25 02:58:47,234 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2010-06-25 02:58:47,234 DEBUG AvgDir param set to C:\Program Files\AVG\AVG9.
2010-06-25 02:58:47,234 DEBUG AvgDataDir param set to C:\Documents and Settings\All Users\Application Data\avg9.
2010-06-25 02:59:32,437 INFO AvgRemover runs in attempt number 1
2010-06-25 02:59:32,437 INFO ***** Services *****
2010-06-25 02:59:32,437 INFO Processing service avg8emc
2010-06-25 02:59:32,437 INFO Service avg8emc is not installed
2010-06-25 02:59:32,437 DEBUG Service avg8emc RegCleanup
2010-06-25 02:59:32,437 DEBUG Registry keys for service avg8emc are not present
2010-06-25 02:59:32,437 INFO Processing service avgfws8
2010-06-25 02:59:32,437 INFO Service avgfws8 is not installed
2010-06-25 02:59:32,437 DEBUG Service avgfws8 RegCleanup
2010-06-25 02:59:32,437 DEBUG Registry keys for service avgfws8 are not present
2010-06-25 02:59:32,437 INFO Processing service avg8wd
2010-06-25 02:59:32,437 INFO Service avg8wd is not installed
2010-06-25 02:59:32,437 DEBUG Service avg8wd RegCleanup
2010-06-25 02:59:32,437 DEBUG Registry keys for service avg8wd are not present
2010-06-25 02:59:32,437 INFO Processing service AvgWFPx
2010-06-25 02:59:32,437 INFO Service AvgWFPx is not installed
2010-06-25 02:59:32,437 DEBUG Service AvgWFPx RegCleanup
2010-06-25 02:59:32,437 DEBUG Registry keys for service AvgWFPx are not present
2010-06-25 02:59:32,437 INFO Processing service AvgWFPa
2010-06-25 02:59:32,453 INFO Service AvgWFPa is not installed
2010-06-25 02:59:32,453 DEBUG Service AvgWFPa RegCleanup
2010-06-25 02:59:32,453 DEBUG Registry keys for service AvgWFPa are not present
2010-06-25 02:59:32,453 INFO Processing service AvgMfx86
2010-06-25 02:59:32,453 DEBUG Service AvgMfx86 Stop
2010-06-25 03:00:37,328 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2010-06-25 03:00:37,328 DEBUG AvgDir param set to C:\Program Files\AVG\AVG9.
2010-06-25 03:00:37,328 DEBUG AvgDataDir param set to C:\Documents and Settings\All Users\Application Data\avg9.
2010-06-25 03:00:38,390 INFO AvgRemover runs in attempt number 1
2010-06-25 03:00:38,390 INFO ***** Services *****
2010-06-25 03:00:38,390 INFO Processing service avg8emc
2010-06-25 03:00:38,390 INFO Service avg8emc is not installed
2010-06-25 03:00:38,390 DEBUG Service avg8emc RegCleanup
2010-06-25 03:00:38,390 DEBUG Registry keys for service avg8emc are not present
2010-06-25 03:00:38,390 INFO Processing service avgfws8
2010-06-25 03:00:38,390 INFO Service avgfws8 is not installed
2010-06-25 03:00:38,390 DEBUG Service avgfws8 RegCleanup
2010-06-25 03:00:38,390 DEBUG Registry keys for service avgfws8 are not present
2010-06-25 03:00:38,390 INFO Processing service avg8wd
2010-06-25 03:00:38,390 INFO Service avg8wd is not installed
2010-06-25 03:00:38,390 DEBUG Service avg8wd RegCleanup
2010-06-25 03:00:38,390 DEBUG Registry keys for service avg8wd are not present
2010-06-25 03:00:38,390 INFO Processing service AvgWFPx
2010-06-25 03:00:38,390 INFO Service AvgWFPx is not installed
2010-06-25 03:00:38,390 DEBUG Service AvgWFPx RegCleanup
2010-06-25 03:00:38,390 DEBUG Registry keys for service AvgWFPx are not present
2010-06-25 03:00:38,390 INFO Processing service AvgWFPa
2010-06-25 03:00:38,390 INFO Service AvgWFPa is not installed
2010-06-25 03:00:38,390 DEBUG Service AvgWFPa RegCleanup
2010-06-25 03:00:38,390 DEBUG Registry keys for service AvgWFPa are not present
2010-06-25 03:00:38,390 INFO Processing service AvgMfx86
2010-06-25 03:00:38,390 DEBUG Service AvgMfx86 Stop
2010-06-25 17:37:07,062 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2010-06-25 17:37:07,062 DEBUG AvgDir param set to C:\Program Files\AVG\AVG9.
2010-06-25 17:37:07,062 DEBUG AvgDataDir param set to C:\Documents and Settings\All Users\Application Data\avg9.
2010-06-25 17:37:09,828 INFO AvgRemover runs in attempt number 1
2010-06-25 17:37:09,828 INFO ***** Services *****
2010-06-25 17:37:09,828 INFO Processing service avg8emc
2010-06-25 17:37:09,828 INFO Service avg8emc is not installed
2010-06-25 17:37:09,828 DEBUG Service avg8emc RegCleanup
2010-06-25 17:37:09,828 DEBUG Registry keys for service avg8emc are not present
2010-06-25 17:37:09,828 INFO Processing service avgfws8
2010-06-25 17:37:09,828 INFO Service avgfws8 is not installed
2010-06-25 17:37:09,828 DEBUG Service avgfws8 RegCleanup
2010-06-25 17:37:09,828 DEBUG Registry keys for service avgfws8 are not present
2010-06-25 17:37:09,828 INFO Processing service avg8wd
2010-06-25 17:37:09,828 INFO Service avg8wd is not installed
2010-06-25 17:37:09,828 DEBUG Service avg8wd RegCleanup
2010-06-25 17:37:09,828 DEBUG Registry keys for service avg8wd are not present
2010-06-25 17:37:09,828 INFO Processing service AvgWFPx
2010-06-25 17:37:09,828 INFO Service AvgWFPx is not installed
2010-06-25 17:37:09,828 DEBUG Service AvgWFPx RegCleanup
2010-06-25 17:37:09,828 DEBUG Registry keys for service AvgWFPx are not present
2010-06-25 17:37:09,828 INFO Processing service AvgWFPa
2010-06-25 17:37:09,828 INFO Service AvgWFPa is not installed
2010-06-25 17:37:09,843 DEBUG Service AvgWFPa RegCleanup
2010-06-25 17:37:09,843 DEBUG Registry keys for service AvgWFPa are not present
2010-06-25 17:37:09,843 INFO Processing service AvgMfx86
2010-06-25 17:37:09,843 DEBUG Service AvgMfx86 Stop
2010-06-25 17:44:39,265 DEBUG Avg9Uninstall\Directories key failed to open (error: e0010013)
2010-06-25 17:44:39,375 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2010-06-25 17:44:39,375 DEBUG Reading HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion:ProgramFilesDir (x86) value failed (error: e001003d)
2010-06-25 17:44:39,375 WARN AvgDir param empty.
2010-06-25 17:44:39,375 WARN AvgDataDir param empty.
2010-06-25 17:44:42,703 INFO AvgRemover runs in attempt number 1
2010-06-25 17:44:42,703 INFO ***** Services *****
2010-06-25 17:44:42,750 INFO Processing service avg8emc
2010-06-25 17:44:42,765 INFO Service avg8emc is not installed
2010-06-25 17:44:42,765 DEBUG Service avg8emc RegCleanup
2010-06-25 17:44:42,765 DEBUG Registry keys for service avg8emc are not present
2010-06-25 17:44:42,765 INFO Processing service avgfws8
2010-06-25 17:44:42,765 INFO Service avgfws8 is not installed
2010-06-25 17:44:42,765 DEBUG Service avgfws8 RegCleanup
2010-06-25 17:44:42,765 DEBUG Registry keys for service avgfws8 are not present
2010-06-25 17:44:42,765 INFO Processing service avg8wd
2010-06-25 17:44:42,765 INFO Service avg8wd is not installed
2010-06-25 17:44:42,765 DEBUG Service avg8wd RegCleanup
2010-06-25 17:44:42,765 DEBUG Registry keys for service avg8wd are not present
2010-06-25 17:44:42,781 INFO Processing service AvgWFPx
2010-06-25 17:44:42,781 INFO Service AvgWFPx is not installed
2010-06-25 17:44:42,781 DEBUG Service AvgWFPx RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service AvgWFPx are not present
2010-06-25 17:44:42,781 INFO Processing service AvgWFPa
2010-06-25 17:44:42,781 INFO Service AvgWFPa is not installed
2010-06-25 17:44:42,781 DEBUG Service AvgWFPa RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service AvgWFPa are not present
2010-06-25 17:44:42,781 INFO Processing service AvgMfx86
2010-06-25 17:44:42,781 INFO Service AvgMfx86 is not installed
2010-06-25 17:44:42,781 DEBUG Service AvgMfx86 RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service AvgMfx86 are not present
2010-06-25 17:44:42,781 INFO Processing service AvgMfx64
2010-06-25 17:44:42,781 INFO Service AvgMfx64 is not installed
2010-06-25 17:44:42,781 DEBUG Service AvgMfx64 RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service AvgMfx64 are not present
2010-06-25 17:44:42,781 INFO Processing service AvgLdx86
2010-06-25 17:44:42,781 INFO Service AvgLdx86 is not installed
2010-06-25 17:44:42,781 DEBUG Service AvgLdx86 RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service AvgLdx86 are not present
2010-06-25 17:44:42,781 INFO Processing service AvgLdx64
2010-06-25 17:44:42,781 INFO Service AvgLdx64 is not installed
2010-06-25 17:44:42,781 DEBUG Service AvgLdx64 RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service AvgLdx64 are not present
2010-06-25 17:44:42,781 INFO Processing service AvgTdiX
2010-06-25 17:44:42,781 INFO Service AvgTdiX is not installed
2010-06-25 17:44:42,781 DEBUG Service AvgTdiX RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service AvgTdiX are not present
2010-06-25 17:44:42,781 INFO Processing service AvgTdiA
2010-06-25 17:44:42,781 INFO Service AvgTdiA is not installed
2010-06-25 17:44:42,781 DEBUG Service AvgTdiA RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service AvgTdiA are not present
2010-06-25 17:44:42,781 INFO Processing service AvgRkx86
2010-06-25 17:44:42,781 INFO Service AvgRkx86 is not installed
2010-06-25 17:44:42,781 DEBUG Service AvgRkx86 RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service AvgRkx86 are not present
2010-06-25 17:44:42,781 INFO Processing service AvgRkx64
2010-06-25 17:44:42,781 INFO Service AvgRkx64 is not installed
2010-06-25 17:44:42,781 DEBUG Service AvgRkx64 RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service AvgRkx64 are not present
2010-06-25 17:44:42,781 INFO Processing service avg9emc
2010-06-25 17:44:42,781 INFO Service avg9emc is not installed
2010-06-25 17:44:42,781 DEBUG Service avg9emc RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service avg9emc are not present
2010-06-25 17:44:42,781 INFO Processing service avgfws9
2010-06-25 17:44:42,781 INFO Service avgfws9 is not installed
2010-06-25 17:44:42,781 DEBUG Service avgfws9 RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service avgfws9 are not present
2010-06-25 17:44:42,781 INFO Processing service avg9wd
2010-06-25 17:44:42,781 INFO Service avg9wd is not installed
2010-06-25 17:44:42,781 DEBUG Service avg9wd RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service avg9wd are not present
2010-06-25 17:44:42,781 INFO Processing service AVGIDSAgent
2010-06-25 17:44:42,781 INFO Service AVGIDSAgent is not installed
2010-06-25 17:44:42,781 DEBUG Service AVGIDSAgent RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service AVGIDSAgent are not present
2010-06-25 17:44:42,781 INFO Processing service AVGIDSShimxpx
2010-06-25 17:44:42,781 INFO Service AVGIDSShimxpx is not installed
2010-06-25 17:44:42,781 DEBUG Service AVGIDSShimxpx RegCleanup
2010-06-25 17:44:42,781 DEBUG Registry keys for service AVGIDSShimxpx are not present
2010-06-25 17:44:42,781 INFO Processing service AVGIDSFilterxpx
2010-06-25 17:44:42,781 INFO Service AVGIDSFilterxpx is not installed
2010-06-25 17:44:42,812 DEBUG Service AVGIDSFilterxpx RegCleanup
2010-06-25 17:44:42,812 DEBUG Registry keys for service AVGIDSFilterxpx are not present
2010-06-25 17:44:42,812 INFO Processing service AVGIDSDriverxpx
2010-06-25 17:44:42,812 INFO Service AVGIDSDriverxpx is not installed
2010-06-25 17:44:42,812 DEBUG Service AVGIDSDriverxpx RegCleanup
2010-06-25 17:44:42,812 DEBUG Registry keys for service AVGIDSDriverxpx are not present
2010-06-25 17:44:42,812 INFO Processing service AVGIDSShimvtx
2010-06-25 17:44:42,812 INFO Service AVGIDSShimvtx is not installed
2010-06-25 17:44:42,812 DEBUG Service AVGIDSShimvtx RegCleanup
2010-06-25 17:44:42,812 DEBUG Registry keys for service AVGIDSShimvtx are not present
2010-06-25 17:44:42,812 INFO Processing service AVGIDSFiltervtx
2010-06-25 17:44:42,828 INFO Service AVGIDSFiltervtx is not installed
2010-06-25 17:44:42,828 DEBUG Service AVGIDSFiltervtx RegCleanup
2010-06-25 17:44:42,828 DEBUG Registry keys for service AVGIDSFiltervtx are not present
2010-06-25 17:44:42,828 INFO Processing service AVGIDSDrivervtx
2010-06-25 17:44:42,828 INFO Service AVGIDSDrivervtx is not installed
2010-06-25 17:44:42,828 DEBUG Service AVGIDSDrivervtx RegCleanup
2010-06-25 17:44:42,828 DEBUG Registry keys for service AVGIDSDrivervtx are not present
2010-06-25 17:44:42,828 INFO Processing service AVGIDSFiltervta
2010-06-25 17:44:42,828 INFO Service AVGIDSFiltervta is not installed
2010-06-25 17:44:42,828 DEBUG Service AVGIDSFiltervta RegCleanup
2010-06-25 17:44:42,828 DEBUG Registry keys for service AVGIDSFiltervta are not present
2010-06-25 17:44:42,828 INFO Processing service AVGIDSDrivervta
2010-06-25 17:44:42,828 INFO Service AVGIDSDrivervta is not installed
2010-06-25 17:44:42,828 DEBUG Service AVGIDSDrivervta RegCleanup
2010-06-25 17:44:42,828 DEBUG Registry keys for service AVGIDSDrivervta are not present
2010-06-25 17:44:42,828 INFO Processing service AVGIDSShimw7x
2010-06-25 17:44:42,828 INFO Service AVGIDSShimw7x is not installed
2010-06-25 17:44:42,828 DEBUG Service AVGIDSShimw7x RegCleanup
2010-06-25 17:44:42,828 DEBUG Registry keys for service AVGIDSShimw7x are not present
2010-06-25 17:44:42,828 INFO Processing service AVGIDSFilterw7x
2010-06-25 17:44:42,828 INFO Service AVGIDSFilterw7x is not installed
2010-06-25 17:44:42,828 DEBUG Service AVGIDSFilterw7x RegCleanup
2010-06-25 17:44:42,828 DEBUG Registry keys for service AVGIDSFilterw7x are not present
2010-06-25 17:44:42,828 INFO Processing service AVGIDSDriverw7x
2010-06-25 17:44:42,828 INFO Service AVGIDSDriverw7x is not installed
2010-06-25 17:44:42,828 DEBUG Service AVGIDSDriverw7x RegCleanup
2010-06-25 17:44:42,828 DEBUG Registry keys for service AVGIDSDriverw7x are not present
2010-06-25 17:44:42,828 INFO Processing service AVGIDSFilterw7a
2010-06-25 17:44:42,828 INFO Service AVGIDSFilterw7a is not installed
2010-06-25 17:44:42,859 DEBUG Service AVGIDSFilterw7a RegCleanup
2010-06-25 17:44:42,859 DEBUG Registry keys for service AVGIDSFilterw7a are not present
2010-06-25 17:44:42,859 INFO Processing service AVGIDSDriverw7a
2010-06-25 17:44:42,859 INFO Service AVGIDSDriverw7a is not installed
2010-06-25 17:44:42,859 DEBUG Service AVGIDSDriverw7a RegCleanup
2010-06-25 17:44:42,859 DEBUG Registry keys for service AVGIDSDriverw7a are not present
2010-06-25 17:44:42,859 INFO Processing service AVGIDSErHrxpx
2010-06-25 17:44:42,859 INFO Service AVGIDSErHrxpx is not installed
2010-06-25 17:44:42,859 DEBUG Service AVGIDSErHrxpx RegCleanup
2010-06-25 17:44:42,859 DEBUG Registry keys for service AVGIDSErHrxpx are not present
2010-06-25 17:44:42,859 INFO Processing service AVGIDSErHrvtx
2010-06-25 17:44:42,859 INFO Service AVGIDSErHrvtx is not installed
2010-06-25 17:44:42,859 DEBUG Service AVGIDSErHrvtx RegCleanup
2010-06-25 17:44:42,859 DEBUG Registry keys for service AVGIDSErHrvtx are not present
2010-06-25 17:44:42,859 INFO Processing service AVGIDSErHrvta
2010-06-25 17:44:42,859 INFO Service AVGIDSErHrvta is not installed
2010-06-25 17:44:42,859 DEBUG Service AVGIDSErHrvta RegCleanup
2010-06-25 17:44:42,859 DEBUG Registry keys for service AVGIDSErHrvta are not present
2010-06-25 17:44:42,859 INFO Processing service AVGIDSErHrw7x
2010-06-25 17:44:42,859 INFO Service AVGIDSErHrw7x is not installed
2010-06-25 17:44:42,859 DEBUG Service AVGIDSErHrw7x RegCleanup
2010-06-25 17:44:42,859 DEBUG Registry keys for service AVGIDSErHrw7x are not present
2010-06-25 17:44:42,859 INFO Processing service AVGIDSErHrw7a
2010-06-25 17:44:42,859 INFO Service AVGIDSErHrw7a is not installed
2010-06-25 17:44:42,859 DEBUG Service AVGIDSErHrw7a RegCleanup
2010-06-25 17:44:42,859 DEBUG Registry keys for service AVGIDSErHrw7a are not present
2010-06-25 17:44:42,859 INFO ***** Registry keys and values *****
2010-06-25 17:44:42,875 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2010-06-25 17:44:42,875 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
2010-06-25 17:44:42,906 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} is not present
2010-06-25 17:44:42,906 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2010-06-25 17:44:42,906 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
2010-06-25 17:44:42,906 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} is not present
2010-06-25 17:44:42,906 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
2010-06-25 17:44:42,906 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
2010-06-25 17:44:42,906 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
2010-06-25 17:44:42,906 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt
2010-06-25 17:44:42,906 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt ForceRemove
2010-06-25 17:44:42,906 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg9Alrt not found
2010-06-25 17:44:42,906 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
2010-06-25 17:44:42,906 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
2010-06-25 17:44:42,906 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
2010-06-25 17:44:42,906 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2010-06-25 17:44:42,921 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2010-06-25 17:44:42,921 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2010-06-25 17:44:42,921 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2010-06-25 17:44:42,921 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2010-06-25 17:44:42,921 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2010-06-25 17:44:42,921 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
2010-06-25 17:44:42,921 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
2010-06-25 17:44:42,921 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
2010-06-25 17:44:42,921 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2010-06-25 17:44:42,921 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2010-06-25 17:44:42,921 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2010-06-25 17:44:42,921 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar
2010-06-25 17:44:42,921 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2010-06-25 17:44:42,921 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2010-06-25 17:44:42,937 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2010-06-25 17:44:42,937 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2010-06-25 17:44:42,937 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2010-06-25 17:44:42,937 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove
2010-06-25 17:44:42,937 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension is not present
2010-06-25 17:44:42,937 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2010-06-25 17:44:42,953 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove
2010-06-25 17:44:42,953 INFO Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension is not present
2010-06-25 17:44:42,953 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2010-06-25 17:44:42,953 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify
2010-06-25 17:44:42,953 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs doesn't need to be modified
2010-06-25 17:44:42,953 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2010-06-25 17:44:42,953 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2010-06-25 17:44:42,953 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2010-06-25 17:44:42,953 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2010-06-25 17:44:42,968 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2010-06-25 17:44:42,968 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2010-06-25 17:44:42,968 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2010-06-25 17:44:42,968 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2010-06-25 17:44:42,968 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2010-06-25 17:44:42,968 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2010-06-25 17:44:42,984 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2010-06-25 17:44:42,984 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2010-06-25 17:44:42,984 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2010-06-25 17:44:42,984 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY Remove
2010-06-25 17:44:42,984 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY is not present
2010-06-25 17:44:42,984 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2010-06-25 17:44:42,984 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY Remove
2010-06-25 17:44:42,984 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG9_TRAY is not present
2010-06-25 17:44:43,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall
2010-06-25 17:44:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall ForceRemove
2010-06-25 17:44:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall not found
2010-06-25 17:44:43,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall
2010-06-25 17:44:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall ForceRemove
2010-06-25 17:44:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG7Uninstall not found
2010-06-25 17:44:43,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall
2010-06-25 17:44:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall ForceRemove
2010-06-25 17:44:43,000 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG9Uninstall not found
2010-06-25 17:44:43,000 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2010-06-25 17:44:43,015 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2010-06-25 17:44:43,015 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2010-06-25 17:44:43,015 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2010-06-25 17:44:43,015 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2010-06-25 17:44:43,015 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2010-06-25 17:44:43,015 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2010-06-25 17:44:43,015 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2010-06-25 17:44:43,015 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2010-06-25 17:44:43,015 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2010-06-25 17:44:43,015 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2010-06-25 17:44:43,015 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2010-06-25 17:44:43,015 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2010-06-25 17:44:43,015 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2010-06-25 17:44:43,015 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2010-06-25 17:44:43,015 INFO Processing registry SOFTWARE\Classes\.avgdi
2010-06-25 17:44:43,015 DEBUG Key SOFTWARE\Classes\.avgdi ForceRemove
2010-06-25 17:44:43,015 DEBUG Key SOFTWARE\Classes\.avgdi not found
2010-06-25 17:44:43,015 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension
2010-06-25 17:44:43,031 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2010-06-25 17:44:43,031 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2010-06-25 17:44:43,031 INFO Processing registry SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension
2010-06-25 17:44:43,031 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2010-06-25 17:44:43,031 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2010-06-25 17:44:43,031 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension
2010-06-25 17:44:43,031 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2010-06-25 17:44:43,031 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension not found
2010-06-25 17:44:43,031 INFO Processing registry SOFTWARE\AVG\Clients
2010-06-25 17:44:43,031 DEBUG Key SOFTWARE\AVG\Clients ForceRemove
2010-06-25 17:44:43,031 DEBUG Key SOFTWARE\AVG\Clients not found
2010-06-25 17:44:43,031 INFO Processing registry SOFTWARE\AVG\AVG8
2010-06-25 17:44:43,031 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2010-06-25 17:44:43,031 DEBUG Key SOFTWARE\AVG\AVG8 not found
2010-06-25 17:44:43,031 INFO Processing registry SOFTWARE\AVG\AVG9
2010-06-25 17:44:43,031 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
2010-06-25 17:44:43,031 INFO Processing registry SOFTWARE\AVG\AVG IDS
2010-06-25 17:44:43,031 DEBUG Key SOFTWARE\AVG\AVG IDS ForceRemove
2010-06-25 17:44:43,031 DEBUG Key SOFTWARE\AVG\AVG IDS not found
2010-06-25 17:44:43,031 INFO Processing registry SOFTWARE\AVG
2010-06-25 17:44:43,031 DEBUG Value SOFTWARE\AVGumpType Remove
2010-06-25 17:44:43,031 INFO Value SOFTWARE\AVGumpType is not present
2010-06-25 17:44:43,046 INFO Processing registry SOFTWARE\AVG
2010-06-25 17:44:43,046 DEBUG Key SOFTWARE\AVG Remove
2010-06-25 17:44:43,046 INFO Processing registry SOFTWARE\AVG Security Toolbar
2010-06-25 17:44:43,046 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
2010-06-25 17:44:43,046 DEBUG Key SOFTWARE\AVG Security Toolbar not found
2010-06-25 17:44:43,046 INFO Processing registry SOFTWARE\AVG\AVG8
2010-06-25 17:44:43,046 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2010-06-25 17:44:43,046 DEBUG Key SOFTWARE\AVG\AVG8 not found
2010-06-25 17:44:43,046 INFO Processing registry SOFTWARE\AVG\AVG9
2010-06-25 17:44:43,046 DEBUG Key SOFTWARE\AVG\AVG9 ForceRemove
2010-06-25 17:44:43,046 INFO Processing registry SOFTWARE\AVG
2010-06-25 17:44:43,046 DEBUG Key SOFTWARE\AVG Remove
2010-06-25 17:44:43,046 INFO Processing registry SOFTWARE\AVG Security Toolbar
2010-06-25 17:44:43,046 DEBUG Key SOFTWARE\AVG Security Toolbar ForceRemove
2010-06-25 17:44:43,046 DEBUG Key SOFTWARE\AVG Security Toolbar not found
2010-06-25 17:44:43,046 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks
2010-06-25 17:44:43,046 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} Remove
2010-06-25 17:44:43,046 INFO Value SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks:{A3BC75A2-1F87-4686-AA43-5347D756017C} is not present
2010-06-25 17:44:43,062 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2010-06-25 17:44:43,062 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2010-06-25 17:44:43,062 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser
2010-06-25 17:44:43,062 DEBUG Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Remove
2010-06-25 17:44:43,062 INFO Value SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser:{CCC7A320-B3CA-4199-B1A6-9F516DD69829} is not present
2010-06-25 17:44:43,062 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2010-06-25 17:44:43,078 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2010-06-25 17:44:43,078 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2010-06-25 17:44:43,078 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2010-06-25 17:44:43,078 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2010-06-25 17:44:43,078 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2010-06-25 17:44:43,078 INFO Processing registry aAvgAPI.AvgBro
2010-06-25 17:44:43,078 DEBUG Key aAvgAPI.AvgBro ForceRemove
2010-06-25 17:44:43,078 DEBUG Key aAvgAPI.AvgBro not found
2010-06-25 17:44:43,078 INFO Processing registry AVG.Office
2010-06-25 17:44:43,078 DEBUG Key AVG.Office ForceRemove
2010-06-25 17:44:43,078 DEBUG Key AVG.Office not found
2010-06-25 17:44:43,078 INFO Processing registry AVG.Office.8
2010-06-25 17:44:43,078 DEBUG Key AVG.Office.8 ForceRemove
2010-06-25 17:44:43,078 DEBUG Key AVG.Office.8 not found
2010-06-25 17:44:43,078 INFO Processing registry avgtoolbar.AVGTOOLBAR
2010-06-25 17:44:43,078 DEBUG Key avgtoolbar.AVGTOOLBAR ForceRemove
2010-06-25 17:44:43,078 DEBUG Key avgtoolbar.AVGTOOLBAR not found
2010-06-25 17:44:43,078 INFO Processing registry avgtoolbar.AVGTOOLBARMenu Button
2010-06-25 17:44:43,078 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button ForceRemove
2010-06-25 17:44:43,078 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button not found
2010-06-25 17:44:43,078 INFO Processing registry avgtoolbar.AVGTOOLBARToggle Button
2010-06-25 17:44:43,093 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button ForceRemove
2010-06-25 17:44:43,093 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button not found
2010-06-25 17:44:43,093 INFO Processing registry LinkScannerIE.NavFilter
2010-06-25 17:44:43,093 DEBUG Key LinkScannerIE.NavFilter ForceRemove
2010-06-25 17:44:43,093 INFO Processing registry LinkScannerIE.NavFilter.1
2010-06-25 17:44:43,093 DEBUG Key LinkScannerIE.NavFilter.1 ForceRemove
2010-06-25 17:44:43,093 INFO Processing registry CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
2010-06-25 17:44:43,093 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} ForceRemove
2010-06-25 17:44:43,093 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} not found
2010-06-25 17:44:43,093 INFO Processing registry CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A}
2010-06-25 17:44:43,093 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} ForceRemove
2010-06-25 17:44:43,093 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} not found
2010-06-25 17:44:43,093 INFO Processing registry CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
2010-06-25 17:44:43,093 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ForceRemove
2010-06-25 17:44:43,093 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2010-06-25 17:44:43,109 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2010-06-25 17:44:43,109 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2010-06-25 17:44:43,109 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2010-06-25 17:44:43,109 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2010-06-25 17:44:43,109 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2010-06-25 17:44:43,109 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}
2010-06-25 17:44:43,109 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} ForceRemove
2010-06-25 17:44:43,109 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} not found
2010-06-25 17:44:43,109 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
2010-06-25 17:44:43,109 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} ForceRemove
2010-06-25 17:44:43,109 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} not found
2010-06-25 17:44:43,109 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
2010-06-25 17:44:43,125 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} ForceRemove
2010-06-25 17:44:43,125 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} not found
2010-06-25 17:44:43,125 INFO Processing registry CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
2010-06-25 17:44:43,125 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} ForceRemove
2010-06-25 17:44:43,125 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} not found
2010-06-25 17:44:43,125 INFO Processing registry CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7}
2010-06-25 17:44:43,125 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} ForceRemove
2010-06-25 17:44:43,125 DEBUG Key CLSID\{9781B2D1-AF27-474F-A3A5-C0763FBDF3B7} not found
2010-06-25 17:44:43,125 INFO Processing registry CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}
2010-06-25 17:44:43,125 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} ForceRemove
2010-06-25 17:44:43,125 DEBUG Key CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found
2010-06-25 17:44:43,125 INFO Processing registry CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2010-06-25 17:44:43,140 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2010-06-25 17:44:43,140 DEBUG Key CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2010-06-25 17:44:43,140 INFO Processing registry Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D}
2010-06-25 17:44:43,140 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} ForceRemove
2010-06-25 17:44:43,140 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} not found
2010-06-25 17:44:43,140 INFO Processing registry Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C}
2010-06-25 17:44:43,140 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} ForceRemove
2010-06-25 17:44:43,140 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} not found
2010-06-25 17:44:43,140 INFO Processing registry Interface\{7F24AABF-C822-4C18-9432-21433208F4DC}
2010-06-25 17:44:43,140 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} ForceRemove
2010-06-25 17:44:43,140 DEBUG Key Interface\{7F24AABF-C822-4C18-9432-21433208F4DC} not found
2010-06-25 17:44:43,140 INFO Processing registry TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30}
2010-06-25 17:44:43,140 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} ForceRemove
2010-06-25 17:44:43,140 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} not found
2010-06-25 17:44:43,140 INFO Processing registry TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}
2010-06-25 17:44:43,156 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} ForceRemove
2010-06-25 17:44:43,156 INFO Processing registry TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}
2010-06-25 17:44:43,156 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} ForceRemove
2010-06-25 17:44:43,156 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} not found
2010-06-25 17:44:43,156 INFO Processing registry TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
2010-06-25 17:44:43,156 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} ForceRemove
2010-06-25 17:44:43,156 DEBUG Key TypeLib\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} not found
2010-06-25 17:44:43,156 INFO ***** Files and folders *****
2010-06-25 17:44:43,187 DEBUG Processing item C:\Documents and Settings\Blueutopiah\Application Data\AVGTOOLBAR
2010-06-25 17:44:43,187 INFO Directory C:\Documents and Settings\Blueutopiah\Application Data\AVGTOOLBAR not found
2010-06-25 17:44:43,187 DEBUG Processing item C:\WINDOWS\System32\Drivers
2010-06-25 17:44:43,218 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0
2010-06-25 17:44:43,218 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0 not found
2010-06-25 17:44:43,218 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0
2010-06-25 17:44:43,218 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0 not found
2010-06-25 17:44:43,218 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.5
2010-06-25 17:44:43,218 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.5 not found
2010-06-25 17:44:43,218 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.5
2010-06-25 17:44:43,218 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.5 not found
2010-06-25 17:44:43,218 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk
2010-06-25 17:44:43,218 INFO File C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk not found
2010-06-25 17:44:43,218 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk
2010-06-25 17:44:43,218 INFO File C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk not found
2010-06-25 17:44:43,218 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 8.5.lnk
2010-06-25 17:44:43,218 INFO File C:\Documents and Settings\All Users\Desktop\avg 8.5.lnk not found
2010-06-25 17:44:43,250 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 8.5.lnk
2010-06-25 17:44:43,250 INFO File C:\Documents and Settings\All Users\Desktop\avg free 8.5.lnk not found
2010-06-25 17:44:43,250 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages
2010-06-25 17:44:43,250 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\Languages not found
2010-06-25 17:44:43,250 DEBUG Processing item C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2010-06-25 17:44:43,250 INFO Directory C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar not found
2010-06-25 17:44:43,250 DEBUG Processing item C:\WINDOWS\System32\Drivers
2010-06-25 17:44:43,250 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 9.0.lnk
2010-06-25 17:44:43,250 INFO File C:\Documents and Settings\All Users\Desktop\avg 9.0.lnk not found
2010-06-25 17:44:43,250 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 9.0.lnk
2010-06-25 17:44:43,250 INFO File C:\Documents and Settings\All Users\Desktop\avg free 9.0.lnk not found
2010-06-25 17:44:43,250 DEBUG Processing item C:\WINDOWS\System32\Drivers
2010-06-25 17:44:43,250 DEBUG Processing item C:\WINDOWS\System32\Drivers
2010-06-25 17:44:43,250 DEBUG Processing item C:\WINDOWS\System32\Drivers
2010-06-25 17:44:43,250 DEBUG Processing item C:\WINDOWS\System32\Drivers
2010-06-25 17:44:43,250 DEBUG Processing item C:\WINDOWS\System32\Drivers
2010-06-25 17:44:43,250 DEBUG Processing item C:\WINDOWS\System32\Drivers\avg
2010-06-25 17:44:43,250 INFO Directory C:\WINDOWS\System32\Drivers\avg not found
2010-06-25 17:44:43,250 DEBUG Processing item C:\WINDOWS\System32
2010-06-25 17:44:43,250 DEBUG Processing item C:\Program Files\AVG
2010-06-25 17:44:43,250 DEBUG Directory C:\Program Files\AVG not deleted (error c0070091)
2010-06-25 17:44:43,250 DEBUG Missing ParentDir path for fileItem number 194
2010-06-25 17:44:43,250 INFO ***** Avg Fw NDIS driver *****
2010-06-25 17:44:45,281 INFO FW NDIS driver not present
ComboFix Log:
ComboFix 10-06-25.01 - Blueutopiah 06/25/2010 13:50:43.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1601 [GMT -4:00]
Running from: c:\documents and settings\Blueutopiah\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Blueutopiah\Desktop\CFScript.txt
FILE ::
"c:\documents and settings\All Users\Application Data\Hk6BXX.dat"
"c:\documents and settings\Blueutopiah\Local Settings\Application Data\prvlcl.dat"
"c:\windows\Kficoxiwakev.bin"
"c:\windows\system32\DRIVERS\tpcdrdrv.sys"
"c:\windows\system32\FyK11dJy.dll"
"c:\windows\system32\rindar.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Hk6BXX.dat
c:\documents and settings\Blueutopiah\Local Settings\Application Data\prvlcl.dat
c:\windows\Kficoxiwakev.bin
c:\windows\system32\FyK11dJy.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_rindar
-------\Service_tpcdrdrv
((((((((((((((((((((((((( Files Created from 2010-05-25 to 2010-06-25 )))))))))))))))))))))))))))))))
.
2010-06-22 00:51 . 2010-06-22 00:51 -------- d-----w- C:\VundoFix Backups
2010-06-21 01:57 . 2010-06-21 02:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-21 01:57 . 2010-06-21 01:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-19 23:04 . 2010-06-19 23:04 -------- d-----w- c:\documents and settings\Blueutopiah\Application Data\SUPERAntiSpyware.com
2010-06-19 23:04 . 2010-06-19 23:04 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-19 23:04 . 2010-06-19 23:04 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-19 18:52 . 2010-06-25 17:41 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-06-19 18:52 . 2010-06-19 21:56 -------- d-----w- c:\windows\SxsCaPendDel
2010-06-19 16:09 . 2010-06-19 16:09 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-19 14:40 . 2010-06-19 14:40 -------- d-----w- c:\documents and settings\Blueutopiah\Application Data\Malwarebytes
2010-06-19 14:40 . 2010-06-19 14:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-19 14:40 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-19 14:40 . 2010-06-19 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-19 14:40 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-19 06:15 . 2010-06-19 06:15 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-06-19 06:13 . 2010-06-19 06:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-19 05:20 . 2010-06-21 02:19 120 ----a-w- c:\windows\Uteletil.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-25 17:50 . 2010-04-05 19:06 -------- d-----w- c:\program files\Replay Media Catcher
2010-06-25 17:50 . 2009-02-01 21:33 -------- d-----w- c:\program files\iTunes
2010-06-25 17:50 . 2009-02-01 21:32 -------- d-----w- c:\program files\QuickTime
2010-06-25 17:50 . 2008-09-28 00:39 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-24 01:38 . 2010-06-24 01:38 388096 ----a-r- c:\documents and settings\Blueutopiah\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-20 14:48 . 2010-06-19 23:04 63488 ----a-w- c:\documents and settings\Blueutopiah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-20 14:48 . 2010-06-19 23:04 117760 ----a-w- c:\documents and settings\Blueutopiah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-19 23:37 . 2008-09-28 00:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-06-19 23:04 . 2010-06-19 23:04 52224 ----a-w- c:\documents and settings\Blueutopiah\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-19 20:41 . 2008-09-28 00:40 -------- d-----w- c:\program files\Norton SystemWorks
2010-06-19 18:52 . 2008-09-28 01:00 -------- d-----w- c:\program files\AVG
2010-06-15 02:41 . 2010-05-15 05:56 -------- d-----w- c:\documents and settings\Blueutopiah\Application Data\vlc
2010-05-16 19:30 . 2010-04-05 19:07 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-05-16 19:30 . 2010-04-05 19:07 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-05-15 15:54 . 2008-09-28 00:58 -------- d-----w- c:\program files\RealMedia
2010-05-15 15:54 . 2008-09-28 00:56 -------- d-----w- c:\program files\Zoom Player
2010-05-15 05:54 . 2010-05-15 05:54 -------- d-----w- c:\program files\VideoLAN
2010-05-10 01:40 . 2008-09-27 03:46 117693 ----a-w- c:\windows\system32\nvModes.dat
2010-05-07 18:50 . 2010-05-07 18:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-05-12 00:50 . 2009-05-12 00:50 820736 ----a-w- c:\program files\ChronosXP_4.1_x86.msi
.
((((((((((((((((((((((((((((( SnapShot@2010-06-24_14.38.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-25 17:56 . 2010-06-25 17:56 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
+ 2008-09-27 03:47 . 2007-05-10 05:01 36864 c:\windows\OEM02Mon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8433664]
"nwiz"="nwiz.exe" [2007-06-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-06-06 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-06 81920]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 36864]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"SigmatelSysTrayApp"="stsystra.exe" [2007-05-06 405504]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 2220032]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-08-27 58488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
c:\documents and settings\Blueutopiah\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [9/27/2008 8:42 PM 3744]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [9/27/2008 8:42 PM 3904]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 20:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
2010-06-25 c:\windows\Tasks\Symantec Drmc.job
- c:\program files\Common Files\Symantec Shared\SymDrmc.exe [2004-08-31 04:40]
2008-09-28 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2008-09-28 21:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Blueutopiah\Application Data\Mozilla\Firefox\Profiles\w1ra54az.default\
FF - prefs.js: browser.startup.homepage - Google
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-06-25 13:56
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'explorer.exe'(2156)
c:\documents and settings\Blueutopiah\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\windows\system32\browselc.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\program files\Haali\MatroskaSplitter\mmfinfo.dll
c:\program files\Haali\MatroskaSplitter\mkunicode.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\stsystra.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-25 14:02:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-25 18:02
ComboFix2.txt 2010-06-24 14:42
Pre-Run: 56,375,525,376 bytes free
Post-Run: 56,366,518,272 bytes free
- - End Of File - - 1AD66DD42880DE208FDB64E11DDA6844
I was still getting the HP Install popup upon restart until ComboFix ran, then on the after-ComboFix restart (before it created the log) the HP Install didn't pop up. However, I'm still getting Internet Explorer icons on my desktop and my browser is being reset. Also, my sound driver is currently working and I haven't gotten any Windows system error boxes in a while.
Blueutopiah
Very good
Delete your GMER file, download a fresh one, run it and give me a new log.
That was so fast! Thank you!
Gmer Log:
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-06-25 17:04:12
Windows 5.1.2600 Service Pack 2
Running: 018ruuog.exe; Driver: C:\DOCUME~1\BLUEUT~1\LOCALS~1\Temp\uwrdrpod.sys
---- Kernel code sections - GMER 1.0.15 ----
? Combo-Fix.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB979D360, 0x2F26B7, 0xE8000020]
? C:\DOCUME~1\BLUEUT~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
---- EOF - GMER 1.0.15 ----
Gmer froze up my system again once it ended and I saved the log. On restart, the laptop definitely restarted faster and still no HP Install pop-up icons. Also, the sound driver is still working and it seems some of my settings (color of active/inactive bars, fonts I've chosen for displays) have returned. The only problem I'm getting is that Firefox is tweaky - it opens up to my last saved page and won't open to my homepage. Otherwise, the computer seems to be running better!
Blueutopiah
I'm glad to hear good news
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
============================================================
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
Honestly, on the last restart my computer started faster than it ever has, even before the Malware. Thank you! The Internet Explorer icon stopped appearing on my desktop with the last restart and Firefox stays consistent as my default browser again, which is great. Firefox still opens to the last page I was on when I closed it, instead of my homepage, but that's not a big deal to me.
OTL Log:
OTL logfile created on: 6/25/2010 8:02:22 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Blueutopiah\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 52.77 Gb Free Space | 47.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YAOI777
Current User Name: Blueutopiah
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/25 20:01:01 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blueutopiah\Desktop\OTL.exe
PRC - [2009/09/22 14:09:02 | 000,156,672 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Replay Media Catcher\FLVSrvc.exe
PRC - [2008/09/27 20:40:39 | 000,819,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2007/09/17 1108 | 000,124,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/07/03 13:57:38 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/05/10 01:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
PRC - [2007/05/06 17:10:52 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/02/10 0812 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/11/10 13:03:52 | 000,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
PRC - [2004/12/14 04:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2004/08/30 23:50:38 | 000,181,416 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2004/08/27 19:22:48 | 000,164,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/08/27 19:22:42 | 000,197,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/08/27 19:22:40 | 000,058,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2004/08/04 01:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010/06/25 20:01:01 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blueutopiah\Desktop\OTL.exe
MOD - [2010/06/25 20:00:09 | 000,012,800 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\Blueutopiah\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2004/08/04 01:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 01:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2008/09/27 20:40:39 | 000,819,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2004/08/30 23:50:38 | 000,181,416 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2004/08/27 19:22:48 | 000,164,984 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/08/27 19:22:48 | 000,078,968 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/08/27 19:22:42 | 000,197,752 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
========== Driver Services (SafeList) ==========
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/01/23 10:49:08 | 000,037,664 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2008/09/27 20:40:40 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2008/06/02 11:42:52 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/06/06 16:07:00 | 006,349,696 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/05/10 01:01:00 | 000,235,584 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/05/06 17:12:00 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 18:47:36 | 000,989,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 18:47:00 | 000,209,152 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/11/02 18:46:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/09/01 20:48:40 | 000,104,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/08/30 23:23:22 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/03/05 17:09:02 | 000,003,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS -- (MAPMEM)
DRV - [2004/03/05 17:09:00 | 000,003,744 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS -- (BCMNTIO)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/19 19:52:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/19 19:52:23 | 000,000,000 | ---D | M]
[2010/06/19 19:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blueutopiah\Application Data\Mozilla\Extensions
[2010/06/25 13:08:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blueutopiah\Application Data\Mozilla\Firefox\Profiles\w1ra54az.default\extensions
[2010/06/19 2000 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Blueutopiah\Application Data\Mozilla\Firefox\Profiles\w1ra54az.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/19 20:03:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Blueutopiah\Application Data\Mozilla\Firefox\Profiles\w1ra54az.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/19 22:40:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Blueutopiah\Application Data\Mozilla\Firefox\Profiles\w1ra54az.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/06/19 19:52:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2010/06/25 1335 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Blueutopiah\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/s...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.237.161.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Blueutopiah\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Blueutopiah\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/26 23:00:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/09/26 18:36:49 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16620578542714880)
========== Files/Folders - Created Within 90 Days ==========
[2010/06/25 20:01:01 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Blueutopiah\Desktop\OTL.exe
[2010/06/25 14:11:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/24 10:24:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/24 10:18:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/23 21:50:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blueutopiah\Desktop\Fix
[2010/06/23 21:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2010/06/20 21:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/20 21:57:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/06/20 01:41:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/20 01:41:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/19 19:52:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/19 19:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blueutopiah\Application Data\SUPERAntiSpyware.com
[2010/06/19 19:04:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/19 19:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/19 14:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/19 14:52:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/06/19 12:09:41 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/19 10:40:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blueutopiah\Application Data\Malwarebytes
[2010/06/19 10:40:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/19 10:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/19 10:40:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/19 10:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/19 02:13:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/19 01:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/19 01:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/13 13:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blueutopiah\Desktop\Banners
[2010/05/15 0156 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blueutopiah\Application Data\vlc
[2010/05/15 01:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/05/09 01:49:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blueutopiah\Application Data\Opera
[2010/05/09 01:19:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blueutopiah\My Documents\Updater
[2010/05/06 09:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blueutopiah\My Documents\Downloads
[2010/05/03 23:49:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blueutopiah\My Documents\Excel Docs
[2010/05/03 23:49:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blueutopiah\My Documents\Ask and Record Toolbar
[2010/04/05 15:07:10 | 000,156,672 | ---- | C] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2010/04/05 15:07:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blueutopiah\Local Settings\Application Data\mdnslib
[2010/04/05 15:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blueutopiah\Local Settings\Application Data\FLVService
[2010/04/05 15:06:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Replay Media Catcher
[2010/04/05 15:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Replay Media Catcher
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/06/25 20:01:01 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blueutopiah\Desktop\OTL.exe
[2010/06/25 20:00:08 | 000,117,693 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/06/25 20:00:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/25 19:59:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/25 19:59:18 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Blueutopiah\NTUSER.DAT
[2010/06/25 1351 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/25 1335 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/25 12:34:15 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Blueutopiah\Desktop\Word.lnk
[2010/06/25 00:00:00 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job
[2010/06/24 10:25:01 | 000,000,391 | RHS- | M] () -- C:\boot.ini
[2010/06/22 13:55:33 | 000,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010/06/22 13:08:45 | 000,521,444 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 13:08:45 | 000,441,252 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 13:08:45 | 000,071,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/21 11:59:38 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/06/20 22:24:26 | 000,000,093 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/06/20 22:19:29 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Uteletil.dat
[2010/06/19 19:52:26 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Blueutopiah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/19 19:52:26 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/19 12:09:38 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/06/19 11:31:15 | 000,000,949 | ---- | M] () -- C:\Documents and Settings\Blueutopiah\Application Data\twittertmpwin.jpx
[2010/06/19 11:16:12 | 000,006,030 | ---- | M] () -- C:\Documents and Settings\Blueutopiah\Application Data\myspacetmpwin.jpx
[2010/06/19 10:39:10 | 000,071,168 | ---- | M] () -- C:\Documents and Settings\Blueutopiah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/19 02:13:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/16 15:30:37 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/05/16 15:30:37 | 000,156,672 | ---- | M] (Radioactive) -- C:\WINDOWS\System32\rmc_fixasf.exe
[2010/05/15 01:55:15 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/05/09 21:40:58 | 000,117,693 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/09 01:52:52 | 000,000,573 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/09 18:41:03 | 000,230,824 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/04/05 15:06:51 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Replay Media.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/24 10:25:00 | 000,000,321 | ---- | C] () -- C:\Boot.bak
[2010/06/24 10:24:57 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/20 22:24:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/06/19 19:52:26 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Blueutopiah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/19 19:52:26 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/19 02:13:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/19 01:20:16 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Uteletil.dat
[2010/06/19 01:19:31 | 000,006,030 | ---- | C] () -- C:\Documents and Settings\Blueutopiah\Application Data\myspacetmpwin.jpx
[2010/06/19 01:18:38 | 000,000,949 | ---- | C] () -- C:\Documents and Settings\Blueutopiah\Application Data\twittertmpwin.jpx
[2010/05/15 01:55:15 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/04/05 15:07:10 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2010/04/05 15:06:51 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Replay Media.lnk
[2009/10/09 11:34:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/09 11:33:21 | 000,000,058 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2009/10/09 11:33:15 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EP_SPR380.ini
[2008/09/27 23:02:36 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/27 21:08:20 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008/09/27 20:57:04 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/09/27 01:00:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/27 00:49:14 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/09/27 00:49:12 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008/09/26 23:45:39 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/09/26 23:45:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/09/26 23:45:38 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/09/26 23:45:36 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/09/26 23:44:08 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/06/18 15:59:56 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/12 2228 | 000,548,864 | ---- | C] () -- C:\WINDOWS\System32\hpgtg400.dll
[2004/08/04 01:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 01:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
========== LOP Check ==========
[2010/06/25 13:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/10/09 11:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/02/01 17:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/02/01 17:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/02/01 17:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blueutopiah\Application Data\Engelmann Media
[2009/01/06 14:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blueutopiah\Application Data\IsolatedStorage
[2009/10/09 11:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blueutopiah\Application Data\Leadertech
[2010/05/09 01:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Blueutopiah\Application Data\Opera
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/06/19 19:35:00 | 000,000,892 | ---- | M] () -- C:\aaw7boot.log
[2008/09/26 23:00:01 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/09/26 22:51:54 | 000,000,321 | ---- | M] () -- C:\Boot.bak
[2010/06/24 10:25:01 | 000,000,391 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/06/25 14:02:56 | 000,013,291 | ---- | M] () -- C:\ComboFix.txt
[2008/09/26 23:00:01 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/09/26 23:00:01 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/09/26 23:00:01 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 01:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 01:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/06/25 19:59:53 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/06/21 21:00:34 | 000,000,136 | ---- | M] () -- C:\VundoFix.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/09/26 18:44:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/09/26 18:44:42 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/09/26 18:44:42 | 000,913,408 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2004/08/04 01:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 01:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >
Extras Log:
OTL Extras logfile created on: 6/25/2010 8:02:22 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Blueutopiah\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 52.77 Gb Free Space | 47.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: YAOI777
Current User Name: Blueutopiah
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2B618178-930B-46FA-9C93-0AE2EEB89EBC}" = DocProc
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{38D56396-298F-4874-B4EC-16B530B07879}" = HP Scanjet G4000 series 8.0
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{71E7B3F5-CFAF-4C1E-B494-528E28707937}" = Norton SystemWorks 2005
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{87E91B85-9A4A-4B1E-930E-3429D146FEB3}" = ScannerCopy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}" = NSW_DRM_COLLECTION
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{9DA8FB24-AC71-4C4B-B10B-9675FAA45733}" = LJ-SecInstall
"{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}" = PixiePack Codec Pack
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1704101-D142-42A4-83E5-F938F13DBD94}" = hpg4000QFolder
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FD7F3626-80DE-4E99-A11D-0BFB4350A00C}" = hpG4000
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"CheckIt Diagnostics" = CheckIt Diagnostics
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OEM002" = Laptop Integrated Webcam Driver (1.02.01.0612)
"CSCLIB" = Canon Camera Support Core Library
"dBpoweramp FLAC Codec" = dBpoweramp FLAC Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DC-Bass Source" = DC-Bass Source 1.1.1
"DirectVobSub" = DirectVobSub (remove only)
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"E.M. PowerPoint Video Converter_is1" = E.M. PowerPoint Video Converter 2.50
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"ffdshow_is1" = ffdshow [rev 1685] [2007-12-06]
"HaaliMkx" = Haali Media Splitter
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 8.0
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"ljArchive" = ljArchive
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NVIDIA Drivers" = NVIDIA Drivers
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Replay Media Catcher 3.11" = Replay Media Catcher
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Silent Package Run-Time Sample" = EPSON Stylus Photo R380 User's Guide
"SymSetup.{71E7B3F5-CFAF-4C1E-B494-528E28707937}" = Norton SystemWorks 2005 (Symantec Corporation)
"vis_milk.dllWinamp" = MilkDrop for Winamp 2x (remove only)
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR archiver
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/29/2009 8:24:41 PM | Computer Name = YAOI777 | Source = Application Error | ID = 1000
Description = Faulting application zplayer.exe, version 6.0.0.0, faulting module
libmplayer.dll, version 0.0.0.0, fault address 0x00017ee6.
Error - 7/29/2009 8:33:41 PM | Computer Name = YAOI777 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 9.0.0.3250, faulting module
libmplayer.dll, version 0.0.0.0, fault address 0x00017ee6.
Error - 7/29/2009 9:51:54 PM | Computer Name = YAOI777 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module libmplayer.dll, version 0.0.0.0, fault address 0x00017ee6.
Error - 7/29/2009 9:52:04 PM | Computer Name = YAOI777 | Source = Application Error | ID = 1000
Description = Faulting application zplayer.exe, version 6.0.0.0, faulting module
libmplayer.dll, version 0.0.0.0, fault address 0x00017ee6.
Error - 7/29/2009 9:52:16 PM | Computer Name = YAOI777 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module libmplayer.dll, version 0.0.0.0, fault address 0x00017ee6.
Error - 7/29/2009 9:52:20 PM | Computer Name = YAOI777 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.
Error - 7/29/2009 9:52:47 PM | Computer Name = YAOI777 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module libmplayer.dll, version 0.0.0.0, fault address 0x00017ee6.
Error - 7/29/2009 9:53:17 PM | Computer Name = YAOI777 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module libmplayer.dll, version 0.0.0.0, fault address 0x00017ee6.
Error - 7/29/2009 9:58:50 PM | Computer Name = YAOI777 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module libmplayer.dll, version 0.0.0.0, fault address 0x00017ee6.
Error - 7/29/2009 9:59:08 PM | Computer Name = YAOI777 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module libmplayer.dll, version 0.0.0.0, fault address 0x00017ee6.
[ System Events ]
Error - 6/24/2010 10:09:37 AM | Computer Name = YAOI777 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg9wd service.
Error - 6/24/2010 10:10:06 AM | Computer Name = YAOI777 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg9wd service.
Error - 6/24/2010 10:11:41 AM | Computer Name = YAOI777 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg9wd service.
Error - 6/24/2010 10:16:18 AM | Computer Name = YAOI777 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
Error - 6/24/2010 10:16:18 AM | Computer Name = YAOI777 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.
Error - 6/24/2010 10:19:00 AM | Computer Name = YAOI777 | Source = Schedule | ID = 7901
Description = The At11.job command failed to start due to the following error: %%2147942402
Error - 6/24/2010 10:26:17 AM | Computer Name = YAOI777 | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 6/24/2010 10:28:46 AM | Computer Name = YAOI777 | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 6/25/2010 1:50:33 PM | Computer Name = YAOI777 | Source = Service Control Manager | ID = 7034
Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 6/25/2010 5:04:57 PM | Computer Name = YAOI777 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).
< End of report >
Thanks again,
Blueutopiah
Very good
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (TBSB05974 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Search Toolbar\tbcore3.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
[2010/06/25 13:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/19 14:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.